[prep-release-3.2.9] Update changelog for 3.2.9

[ticket/security-250] Check form key when approving group membership

README.md

@@ -31,9 +31,11 @@ Read our [Vagrant documentation](phpBB/docs/vagrant.md) to find out how to use V
 
 We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](https://bamboo.phpbb.com) or check our travis builds below:
 
-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=master)](http://travis-ci.org/phpbb/phpbb)[![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/master?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/master) **master** - Latest development version
-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb)[![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.2.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.2.x) **3.2.x** - Development of version 3.2.x
-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.1.x)](http://travis-ci.org/phpbb/phpbb) **3.1.x** - Development of version 3.1.x
+Travis CI  | AppVeyor | Branch  | Description
+---------- | -------- | ------- | -----------
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=master)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/master?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/master) | **master** | Latest development version
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.3.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.3.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.3.x) | **3.3.x** | Development of version 3.3.x
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.2.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.2.x) | **3.2.x** | Development of version 3.2.x
 
 ## LICENSE
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.2.8-RC1" />
-	<property name="prevversion" value="3.2.7" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6" />
+	<property name="newversion" value="3.2.9" />
+	<property name="prevversion" value="3.2.8" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.9-RC1" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />

build/generate_package_json.php

@@ -0,0 +1,127 @@
+#!/usr/bin/env php
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+if (version_compare(PHP_VERSION, '7.0-dev', '<'))
+{
+	die('generate_package_json.php requires at least PHP 7.0.');
+}
+
+define('IN_PHPBB', true);
+include_once('../phpBB/includes/functions.php');
+
+$json_data = new \stdClass();
+$json_data->metadata = new stdClass();
+
+$json_data->metadata->current_version_date = '';
+$json_data->metadata->current_version = '';
+$json_data->metadata->download_path = '';
+$json_data->metadata->show_update_package = true;
+$json_data->metadata->historic = false;
+
+$json_data->package = [];
+
+// Open build.xml
+$build_xml = simplexml_load_file('build.xml');
+$current_version = (string) $build_xml->xpath('/project/property[@name=\'newversion\']/@value')[0]->value;
+$previous_version = (string) $build_xml->xpath('/project/property[@name=\'prevversion\']/@value')[0]->value;
+$older_verions = explode(', ', (string) $build_xml->xpath('/project/property[@name=\'olderversions\']/@value')[0]->value);
+
+// Clean and sort version info
+$older_verions[] = $previous_version;
+$older_verions = array_filter($older_verions, function($version) {
+	preg_match(get_preg_expression('semantic_version'), $version, $matches);
+	return empty($matches['prerelease']) || strpos($matches['prerelease'], 'pl') !== false;
+});
+usort($older_verions, function($version_a, $version_b)
+{
+	return phpbb_version_compare($version_b, $version_a);
+});
+
+// Set metadata
+$json_data->metadata->current_version = $current_version;
+$json_data->metadata->current_version_date = date('Y-m-d');
+$json_data->metadata->download_path = 'https://download.phpbb.com/pub/release/' . preg_replace('#([0-9]+\.[0-9]+)(\..+)#', '$1', $current_version) . '/' . $current_version . '/';
+
+// Add package, patch files, and changed files
+phpbb_add_package_file(
+	$json_data->package,
+	'phpBB ' . $current_version,
+	'phpBB-' . $current_version,
+	'full',
+	''
+);
+phpbb_add_package_file(
+	$json_data->package,
+	'phpBB ' . $current_version . ' Patch Files',
+	'phpBB-' . $current_version . '-patch',
+	'update',
+	'patch'
+);
+phpbb_add_package_file(
+	$json_data->package,
+	'phpBB ' . $current_version . ' Changed Files',
+	'phpBB-' . $current_version . '-files',
+	'update',
+	'files'
+);
+
+// Loop through packages and assign to packages array
+foreach ($older_verions as $version)
+{
+	phpbb_add_package_file(
+		$json_data->package,
+		'phpBB ' . $version . ' to ' . $current_version . ' Update Package',
+		'phpBB-' . $version . '_to_' . $current_version,
+		'update',
+		'update',
+		$version
+	);
+}
+
+echo(json_encode($json_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . "\n");
+
+function phpbb_add_package_file(array &$package_list, $name, $file_name, $type, $subtype, $from = '')
+{
+	if (!file_exists(__DIR__ . '/new_version/release_files/' . $file_name . '.zip'))
+	{
+		trigger_error('File does not exist: ' . __DIR__ . '/new_version/release_files/' . $file_name . '.zip');
+		return;
+	}
+
+	$package_file = new stdClass();
+	$package_file->name = $name;
+	$package_file->filename = $file_name;
+	$package_file->type = $type;
+	if (!empty($subtype))
+	{
+		$package_file->subtype = $subtype;
+	}
+	if (!empty($from))
+	{
+		$package_file->from = $from;
+	}
+	$package_file->files = [];
+
+	foreach (['zip', 'tar.bz2'] as $extension)
+	{
+		$file_path = 'new_version/release_files/' . $file_name  . '.' . $extension;
+		$filedata = new stdClass();
+		$filedata->filesize = filesize($file_path);
+		$filedata->checksum = trim(preg_replace('/(^\w+)(.+)/', '$1', file_get_contents($file_path . '.sha256')));
+		$filedata->filetype = $extension;
+		$package_file->files[] = $filedata;
+	}
+
+	$package_list[] = $package_file;
+}

phpBB/adm/style/acp_attachments.html

@@ -110,7 +110,7 @@
 <!-- ELSEIF S_EXTENSION_GROUPS -->
 
 	<!-- IF S_EDIT_GROUP -->
-		<script type="text/javascript" defer="defer">
+		<script>
 		// <![CDATA[
 			function update_image(newimage)
 			{

phpBB/adm/style/acp_ban.html

@@ -8,7 +8,7 @@
 
 <p>{L_EXPLAIN}</p>
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	var ban_length = new Array();

phpBB/adm/style/acp_contact.html

@@ -1,6 +1,6 @@
 <!-- INCLUDE overall_header.html -->
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	var form_name = 'acp_contact';

phpBB/adm/style/acp_database.html

@@ -35,7 +35,7 @@
 
 	<p>{L_ACP_BACKUP_EXPLAIN}</p>
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 
 		function selector(bool)
@@ -67,12 +67,6 @@
 		<label><input name="method"<!-- IF methods.S_FIRST_ROW --> id="method" checked="checked"<!-- ENDIF --> type="radio" class="radio" value="{methods.TYPE}" /> {methods.TYPE}</label>
 		<!-- END methods --></dd>
 	</dl>
-	<dl>
-		<dt><label for="where">{L_ACTION}{L_COLON}</label></dt>
-		<dd>
-			<label><input id="where" type="radio" class="radio" name="where" value="store" checked="checked" /> {L_STORE_LOCAL}</label>
-		</dd>
-	</dl>
 	<dl>
 		<dt><label for="table">{L_TABLE_SELECT}{L_COLON}</label></dt>
 		<dd><select id="table" name="table[]" size="10" multiple="multiple">

phpBB/adm/style/acp_forums.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT_FORUM -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Handle displaying/hiding several options based on the forum type
@@ -405,7 +405,7 @@
 
 <!-- ELSEIF S_CONTINUE_SYNC -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		var close_waitscreen = 0;
 		// no scrollbars...
@@ -421,7 +421,7 @@
 
 <!-- ELSE -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Popup search progress bar
@@ -447,7 +447,7 @@
 	<!-- ENDIF -->
 
 	<!-- IF S_RESYNCED -->
-		<script type="text/javascript">
+		<script>
 		// <![CDATA[
 			var close_waitscreen = 1;
 		// ]]>

phpBB/adm/style/acp_groups.html

@@ -36,10 +36,12 @@
 		<dl>
 			<dt><label for="group_type">{L_GROUP_TYPE}{L_COLON}</label><br /><span>{L_GROUP_TYPE_EXPLAIN}</span></dt>
 			<dd>
+				{% EVENT acp_group_types_prepend %}
 				<label><input name="group_type" type="radio" class="radio" id="group_type" value="{GROUP_TYPE_FREE}"{GROUP_FREE} /> {L_GROUP_OPEN}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_OPEN}"{GROUP_OPEN} /> {L_GROUP_REQUEST}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_CLOSED}"{GROUP_CLOSED} /> {L_GROUP_CLOSED}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_HIDDEN}"{GROUP_HIDDEN} /> {L_GROUP_HIDDEN}</label>
+				{% EVENT acp_group_types_append %}
 			</dd>
 		</dl>
 	<!-- ELSE -->

phpBB/adm/style/acp_icons.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT -->
 
-	<script type="text/javascript" defer="defer">
+	<script>
 	// <![CDATA[
 	<!-- IF S_ADD_CODE -->
 

phpBB/adm/style/acp_modules.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT_MODULE -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		function display_options(value)
 		{

phpBB/adm/style/acp_permission_roles.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		var active_pmask = '0';
 		var active_fmask = '0';
@@ -20,7 +20,7 @@
 	// ]]>
 	</script>
 
-	<script type="text/javascript" src="style/permissions.js"></script>
+	<script src="style/permissions.js"></script>
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 

phpBB/adm/style/acp_posting_buttons.html

@@ -1,31 +1,10 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	// Define the bbCode tags
 	var bbcode = new Array();
 	var bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->);
 
-	// Helpline messages
-	var help_line = {
-		b: '{LA_BBCODE_B_HELP}',
-		i: '{LA_BBCODE_I_HELP}',
-		u: '{LA_BBCODE_U_HELP}',
-		q: '{LA_BBCODE_Q_HELP}',
-		c: '{LA_BBCODE_C_HELP}',
-		l: '{LA_BBCODE_L_HELP}',
-		o: '{LA_BBCODE_O_HELP}',
-		p: '{LA_BBCODE_P_HELP}',
-		w: '{LA_BBCODE_W_HELP}',
-		a: '{LA_BBCODE_A_HELP}',
-		s: '{LA_BBCODE_S_HELP}',
-		f: '{LA_BBCODE_F_HELP}',
-		y: '{LA_BBCODE_Y_HELP}',
-		d: '{LA_BBCODE_D_HELP}'
-		<!-- BEGIN custom_tags -->
-			,cb_{custom_tags.BBCODE_ID}{L_COLON} '{custom_tags.A_BBCODE_HELPLINE}'
-		<!-- END custom_tags -->
-	}
-
 // ]]>
 </script>
 
@@ -65,7 +44,7 @@
 	</select>
 	<!-- EVENT acp_posting_buttons_custom_tags_before -->
 	<!-- BEGIN custom_tags -->
-	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}" />
+	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{{ custom_tags.BBCODE_HELPLINE|e('html_attr') }}" />
 	<!-- END custom_tags -->
 </div>
 <!-- EVENT acp_posting_buttons_after -->

phpBB/adm/style/acp_ranks.html

@@ -6,7 +6,7 @@
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		function update_image(newimage)
 		{

phpBB/adm/style/acp_search.html

@@ -69,7 +69,7 @@
 
 <!-- ELSEIF S_INDEX -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Popup search progress bar

phpBB/adm/style/acp_users_overview.html

@@ -79,7 +79,7 @@
 
 <!-- IF not S_USER_FOUNDER or S_FOUNDER -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 
 		function display_reason(option)

phpBB/adm/style/acp_users_prefs.html

@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	var default_dateformat = '{A_DEFAULT_DATEFORMAT}';
 // ]]>

phpBB/adm/style/acp_users_signature.html

@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	var form_name = 'user_signature';

phpBB/adm/style/installer_footer.html

@@ -13,7 +13,7 @@
 	</div>
 </div>
 
-<script type="text/javascript">
+<script>
 <!--
 installLang = {
 	title: '{LA_TIMEOUT_DETECTED_TITLE}',
@@ -22,9 +22,9 @@ installLang = {
 //-->
 </script>
 
-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_JQUERY_LINK}"></script>
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js">\x3C/script>');</script><!-- ENDIF -->
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS admin.js -->
 {$SCRIPTS}
 

phpBB/adm/style/overall_footer.html

@@ -33,9 +33,9 @@
 	</div>
 </div>
 
-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_JQUERY_LINK}"></script>
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS ajax.js -->
 <!-- INCLUDEJS admin.js -->
 

phpBB/adm/style/overall_header.html

@@ -10,7 +10,7 @@
 <link href="{T_FONT_AWESOME_LINK}" rel="stylesheet">
 <link href="style/admin.css?assets_version={T_ASSETS_VERSION}" rel="stylesheet" type="text/css" media="screen" />
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 var jump_page = '{LA_JUMP_PAGE}{L_COLON}';
 var on_page = '{CURRENT_PAGE}';

phpBB/adm/style/permission_mask.html

@@ -1,5 +1,5 @@
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	var active_pmask = '0';
 	var active_fmask = '0';
@@ -9,12 +9,14 @@
 
 	var role_options = new Array();
 
+	var no_role_assigned = "{LA_NO_ROLE_ASSIGNED}";
+
 	<!-- IF S_ROLE_JS_ARRAY -->
 		{S_ROLE_JS_ARRAY}
 	<!-- ENDIF -->
 // ]]>
 </script>
-<script type="text/javascript" src="style/permissions.js"></script>
+<script src="style/permissions.js"></script>
 
 <!-- BEGIN p_mask -->
 <div class="clearfix"></div>

phpBB/adm/style/permissions.js

@@ -279,6 +279,10 @@ function reset_role(id) {
 	}
 
 	t.options[0].selected = true;
+
+	var parent = t.parentNode;
+	parent.querySelector('span.dropdown-trigger').innerText = no_role_assigned;
+	parent.querySelector('input[data-name^=role]').value = '0';
 }
 
 /**

phpBB/adm/style/progress_bar.html

@@ -1,6 +1,6 @@
 <!-- INCLUDE simple_header.html -->
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	/**
 	* Close previously opened popup
@@ -31,7 +31,7 @@
 	<p>{L_PROGRESS_EXPLAIN}</p>
 </div>
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	close_popup();
 // ]]>

phpBB/adm/style/simple_footer.html

@@ -16,9 +16,9 @@
 
 </div>
 
-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_JQUERY_LINK}"></script>
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 
 <!-- EVENT acp_simple_footer_after -->
 {$SCRIPTS}

phpBB/adm/style/simple_header.html

@@ -9,7 +9,7 @@
 
 <link href="style/admin.css?assets_version={T_ASSETS_VERSION}" rel="stylesheet" type="text/css" media="screen" />
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 var jump_page = '{LA_JUMP_PAGE}{L_COLON}';
 var on_page = '{CURRENT_PAGE}';

phpBB/assets/javascript/editor.js

@@ -17,17 +17,10 @@ var is_ie = ((clientPC.indexOf('msie') !== -1) && (clientPC.indexOf('opera') ===
 var is_win = ((clientPC.indexOf('win') !== -1) || (clientPC.indexOf('16bit') !== -1));
 var baseHeight;
 
-/**
-* Shows the help messages in the helpline window
-*/
-function helpline(help) {
-	document.forms[form_name].helpbox.value = help_line[help];
-}
-
 /**
 * Fix a bug involving the TextRange object. From
 * http://www.frostjedi.com/terra/scripts/demo/caretBug.html
-*/ 
+*/
 function initInsertions() {
 	var doc;
 
@@ -104,8 +97,8 @@ function bbfontstyle(bbopen, bbclose) {
 	}
 	// IE
 	else if (document.selection) {
-		var range = textarea.createTextRange(); 
-		range.move("character", new_pos); 
+		var range = textarea.createTextRange();
+		range.move("character", new_pos);
 		range.select();
 		storeCaret(textarea);
 	}

phpBB/assets/javascript/plupload.js

@@ -90,6 +90,12 @@ phpbb.plupload.getSerializedData = function() {
 			obj['attachment_data[' + i + '][' + key + ']'] = datum[key];
 		}
 	}
+
+	// Insert form data
+	var $pluploadForm = $(phpbb.plupload.config.form_hook).first();
+	obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val();
+	obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val();
+
 	return obj;
 };
 
@@ -264,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) {
 
 			return;
 		}
+
+		// Handle errors while deleting file
+		if (typeof response.error !== 'undefined') {
+			phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message);
+
+			// We will have to assume that the deletion failed. So leave the file status as uploaded.
+			row.find('.file-status').toggleClass('file-uploaded');
+
+			return;
+		}
+
 		phpbb.plupload.update(response, 'removal', index);
 		// Check if the user can upload files now if he had reached the max files limit.
 		phpbb.plupload.handleMaxFilesReached();
@@ -446,6 +463,44 @@ phpbb.plupload.fileError = function(file, error) {
 phpbb.plupload.uploader = new plupload.Uploader(phpbb.plupload.config);
 phpbb.plupload.initialize();
 
+/**
+ * Add a file filter to check for max file sizes per mime type.
+ */
+plupload.addFileFilter('mime_types_max_file_size', function(types, file, callback) {
+	if (file.size !== 'undefined') {
+		$(types).each(function(i, type) {
+			let extensions = [],
+				extsArray = type.extensions.split(',');
+
+			$(extsArray).each(function(i, extension) {
+				/^\s*\*\s*$/.test(extension) ? extensions.push("\\.*") : extensions.push("\\." + extension.replace(new RegExp("[" + "/^$.*+?|()[]{}\\".replace(/./g, "\\$&") + "]", "g"), "\\$&"));
+			});
+
+			let regex = new RegExp("(" + extensions.join("|") + ")$", "i");
+
+			if (regex.test(file.name)) {
+				if (type.max_file_size !== 'undefined' && type.max_file_size) {
+					if (file.size > type.max_file_size) {
+						phpbb.plupload.uploader.trigger('Error', {
+							code: plupload.FILE_SIZE_ERROR,
+							message: plupload.translate('File size error.'),
+							file: file
+						});
+
+						callback(false);
+					} else {
+						callback(true);
+					}
+				} else {
+					callback(true);
+				}
+
+				return false;
+			}
+		});
+	}
+});
+
 var $fileList = $('#file-list');
 
 /**

phpBB/composer.lock

@@ -83,16 +83,16 @@
         },
         {
             "name": "guzzlehttp/guzzle",
-            "version": "5.3.3",
+            "version": "5.3.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "93bbdb30d59be6cd9839495306c65f2907370eb9"
+                "reference": "b87eda7a7162f95574032da17e9323c9899cb6b2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/93bbdb30d59be6cd9839495306c65f2907370eb9",
-                "reference": "93bbdb30d59be6cd9839495306c65f2907370eb9",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b87eda7a7162f95574032da17e9323c9899cb6b2",
+                "reference": "b87eda7a7162f95574032da17e9323c9899cb6b2",
                 "shasum": ""
             },
             "require": {
@@ -132,7 +132,7 @@
                 "rest",
                 "web service"
             ],
-            "time": "2018-07-31T13:33:10+00:00"
+            "time": "2019-10-30T09:32:00+00:00"
         },
         {
             "name": "guzzlehttp/ringphp",
@@ -346,16 +346,16 @@
         },
         {
             "name": "marc1706/fast-image-size",
-            "version": "v1.1.4",
+            "version": "v1.1.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/marc1706/fast-image-size.git",
-                "reference": "c4ded0223a4e49ae45a2183a69f6afac5baf7250"
+                "reference": "3a3a2b036be20f43fa06ce00dfa754df503e6684"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/marc1706/fast-image-size/zipball/c4ded0223a4e49ae45a2183a69f6afac5baf7250",
-                "reference": "c4ded0223a4e49ae45a2183a69f6afac5baf7250",
+                "url": "https://api.github.com/repos/marc1706/fast-image-size/zipball/3a3a2b036be20f43fa06ce00dfa754df503e6684",
+                "reference": "3a3a2b036be20f43fa06ce00dfa754df503e6684",
                 "shasum": ""
             },
             "require": {
@@ -363,9 +363,14 @@
                 "php": ">=5.3.0"
             },
             "require-dev": {
-                "phpunit/phpunit": "4.*"
+                "phpunit/phpunit": "^4.8"
             },
             "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.1.x-dev"
+                }
+            },
             "autoload": {
                 "psr-4": {
                     "FastImageSize\\": "lib",
@@ -394,7 +399,7 @@
                 "php",
                 "size"
             ],
-            "time": "2017-10-23T18:52:01+00:00"
+            "time": "2019-12-07T08:02:07+00:00"
         },
         {
             "name": "ocramius/proxy-manager",
@@ -510,22 +515,25 @@
         },
         {
             "name": "patchwork/utf8",
-            "version": "v1.3.1",
+            "version": "v1.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/tchwork/utf8.git",
-                "reference": "30ec6451aec7d2536f0af8fe535f70c764f2c47a"
+                "reference": "d296e0026e7ce10b2a9fe594feca9628ef00e9e8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/tchwork/utf8/zipball/30ec6451aec7d2536f0af8fe535f70c764f2c47a",
-                "reference": "30ec6451aec7d2536f0af8fe535f70c764f2c47a",
+                "url": "https://api.github.com/repos/tchwork/utf8/zipball/d296e0026e7ce10b2a9fe594feca9628ef00e9e8",
+                "reference": "d296e0026e7ce10b2a9fe594feca9628ef00e9e8",
                 "shasum": ""
             },
             "require": {
                 "lib-pcre": ">=7.3",
                 "php": ">=5.3.0"
             },
+            "require-dev": {
+                "symfony/phpunit-bridge": "^3.4|^4.4"
+            },
             "suggest": {
                 "ext-iconv": "Use iconv for best performance",
                 "ext-intl": "Use Intl for best performance",
@@ -565,20 +573,20 @@
                 "utf-8",
                 "utf8"
             ],
-            "time": "2016-05-18T13:57:10+00:00"
+            "time": "2019-12-03T14:44:12+00:00"
         },
         {
             "name": "psr/log",
-            "version": "1.1.0",
+            "version": "1.1.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/log.git",
-                "reference": "6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd"
+                "reference": "446d54b4cb6bf489fc9d75f55843658e6f25d801"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/log/zipball/6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd",
-                "reference": "6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/446d54b4cb6bf489fc9d75f55843658e6f25d801",
+                "reference": "446d54b4cb6bf489fc9d75f55843658e6f25d801",
                 "shasum": ""
             },
             "require": {
@@ -587,7 +595,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.0.x-dev"
+                    "dev-master": "1.1.x-dev"
                 }
             },
             "autoload": {
@@ -612,7 +620,7 @@
                 "psr",
                 "psr-3"
             ],
-            "time": "2018-11-20T15:27:04+00:00"
+            "time": "2019-11-01T11:05:21+00:00"
         },
         {
             "name": "react/promise",
@@ -728,7 +736,7 @@
         },
         {
             "name": "symfony/config",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/config.git",
@@ -785,7 +793,7 @@
         },
         {
             "name": "symfony/console",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
@@ -846,7 +854,7 @@
         },
         {
             "name": "symfony/debug",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/debug.git",
@@ -903,7 +911,7 @@
         },
         {
             "name": "symfony/dependency-injection",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/dependency-injection.git",
@@ -966,7 +974,7 @@
         },
         {
             "name": "symfony/event-dispatcher",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/event-dispatcher.git",
@@ -1026,7 +1034,7 @@
         },
         {
             "name": "symfony/filesystem",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
@@ -1076,7 +1084,7 @@
         },
         {
             "name": "symfony/finder",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
@@ -1125,16 +1133,16 @@
         },
         {
             "name": "symfony/http-foundation",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/http-foundation.git",
-                "reference": "746f8d3638bf46ee8b202e62f2b214c3d61fb06a"
+                "reference": "3929d9fe8148d17819ad0178c748b8d339420709"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/http-foundation/zipball/746f8d3638bf46ee8b202e62f2b214c3d61fb06a",
-                "reference": "746f8d3638bf46ee8b202e62f2b214c3d61fb06a",
+                "url": "https://api.github.com/repos/symfony/http-foundation/zipball/3929d9fe8148d17819ad0178c748b8d339420709",
+                "reference": "3929d9fe8148d17819ad0178c748b8d339420709",
                 "shasum": ""
             },
             "require": {
@@ -1176,20 +1184,20 @@
             ],
             "description": "Symfony HttpFoundation Component",
             "homepage": "https://symfony.com",
-            "time": "2019-04-16T10:00:53+00:00"
+            "time": "2019-11-12T12:34:41+00:00"
         },
         {
             "name": "symfony/http-kernel",
-            "version": "v2.8.51",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/http-kernel.git",
-                "reference": "a01e2b4b267fda24dba9b06cd1c575ca87a51ad2"
+                "reference": "c3be27b8627cd5ee8dfa8d1b923982f618ec521c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/a01e2b4b267fda24dba9b06cd1c575ca87a51ad2",
-                "reference": "a01e2b4b267fda24dba9b06cd1c575ca87a51ad2",
+                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/c3be27b8627cd5ee8dfa8d1b923982f618ec521c",
+                "reference": "c3be27b8627cd5ee8dfa8d1b923982f618ec521c",
                 "shasum": ""
             },
             "require": {
@@ -1198,7 +1206,8 @@
                 "symfony/debug": "^2.6.2",
                 "symfony/event-dispatcher": "^2.6.7|~3.0.0",
                 "symfony/http-foundation": "~2.7.36|~2.8.29|~3.1.6",
-                "symfony/polyfill-ctype": "~1.8"
+                "symfony/polyfill-ctype": "~1.8",
+                "symfony/polyfill-php56": "~1.8"
             },
             "conflict": {
                 "symfony/config": "<2.7",
@@ -1260,20 +1269,20 @@
             ],
             "description": "Symfony HttpKernel Component",
             "homepage": "https://symfony.com",
-            "time": "2019-04-17T16:42:28+00:00"
+            "time": "2019-11-13T08:36:16+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.11.0",
+            "version": "v1.13.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "82ebae02209c21113908c229e9883c419720738a"
+                "reference": "f8f0b461be3385e56d6de3dbb5a0df24c0c275e3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/82ebae02209c21113908c229e9883c419720738a",
-                "reference": "82ebae02209c21113908c229e9883c419720738a",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/f8f0b461be3385e56d6de3dbb5a0df24c0c275e3",
+                "reference": "f8f0b461be3385e56d6de3dbb5a0df24c0c275e3",
                 "shasum": ""
             },
             "require": {
@@ -1285,7 +1294,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.13-dev"
                 }
             },
             "autoload": {
@@ -1302,12 +1311,12 @@
             ],
             "authors": [
                 {
-                    "name": "Symfony Community",
-                    "homepage": "https://symfony.com/contributors"
+                    "name": "Gert de Pagter",
+                    "email": "BackEndTea@gmail.com"
                 },
                 {
-                    "name": "Gert de Pagter",
-                    "email": "backendtea@gmail.com"
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
                 }
             ],
             "description": "Symfony polyfill for ctype functions",
@@ -1318,20 +1327,20 @@
                 "polyfill",
                 "portable"
             ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "time": "2019-11-27T13:56:44+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.11.0",
+            "version": "v1.13.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "fe5e94c604826c35a32fa832f35bd036b6799609"
+                "reference": "7b4aab9743c30be783b73de055d24a39cf4b954f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fe5e94c604826c35a32fa832f35bd036b6799609",
-                "reference": "fe5e94c604826c35a32fa832f35bd036b6799609",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/7b4aab9743c30be783b73de055d24a39cf4b954f",
+                "reference": "7b4aab9743c30be783b73de055d24a39cf4b954f",
                 "shasum": ""
             },
             "require": {
@@ -1343,7 +1352,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.13-dev"
                 }
             },
             "autoload": {
@@ -1377,20 +1386,20 @@
                 "portable",
                 "shim"
             ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "time": "2019-11-27T14:18:11+00:00"
         },
         {
             "name": "symfony/polyfill-php54",
-            "version": "v1.11.0",
+            "version": "v1.13.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php54.git",
-                "reference": "2964b17ddc32dba7bcba009d5501c84d3fba1452"
+                "reference": "dd1618047426412036e98d159940d58a81fc392c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php54/zipball/2964b17ddc32dba7bcba009d5501c84d3fba1452",
-                "reference": "2964b17ddc32dba7bcba009d5501c84d3fba1452",
+                "url": "https://api.github.com/repos/symfony/polyfill-php54/zipball/dd1618047426412036e98d159940d58a81fc392c",
+                "reference": "dd1618047426412036e98d159940d58a81fc392c",
                 "shasum": ""
             },
             "require": {
@@ -1399,7 +1408,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.13-dev"
                 }
             },
             "autoload": {
@@ -1435,20 +1444,20 @@
                 "portable",
                 "shim"
             ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "time": "2019-11-27T13:56:44+00:00"
         },
         {
             "name": "symfony/polyfill-php55",
-            "version": "v1.11.0",
+            "version": "v1.13.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php55.git",
-                "reference": "96fa25cef405ea452919559a0025d5dc16e30e4c"
+                "reference": "b0d838f225725e2951af1aafc784d2e5ea7b656e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php55/zipball/96fa25cef405ea452919559a0025d5dc16e30e4c",
-                "reference": "96fa25cef405ea452919559a0025d5dc16e30e4c",
+                "url": "https://api.github.com/repos/symfony/polyfill-php55/zipball/b0d838f225725e2951af1aafc784d2e5ea7b656e",
+                "reference": "b0d838f225725e2951af1aafc784d2e5ea7b656e",
                 "shasum": ""
             },
             "require": {
@@ -1458,7 +1467,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.13-dev"
                 }
             },
             "autoload": {
@@ -1491,11 +1500,119 @@
                 "portable",
                 "shim"
             ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "time": "2019-11-27T13:56:44+00:00"
+        },
+        {
+            "name": "symfony/polyfill-php56",
+            "version": "v1.13.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php56.git",
+                "reference": "53dd1cdf3cb986893ccf2b96665b25b3abb384f4"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php56/zipball/53dd1cdf3cb986893ccf2b96665b25b3abb384f4",
+                "reference": "53dd1cdf3cb986893ccf2b96665b25b3abb384f4",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.3",
+                "symfony/polyfill-util": "~1.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.13-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php56\\": ""
+                },
+                "files": [
+                    "bootstrap.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "time": "2019-11-27T13:56:44+00:00"
+        },
+        {
+            "name": "symfony/polyfill-util",
+            "version": "v1.13.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-util.git",
+                "reference": "964a67f293b66b95883a5ed918a65354fcd2258f"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-util/zipball/964a67f293b66b95883a5ed918a65354fcd2258f",
+                "reference": "964a67f293b66b95883a5ed918a65354fcd2258f",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.3"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.13-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Polyfill\\Util\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony utilities for portability of PHP codes",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compat",
+                "compatibility",
+                "polyfill",
+                "shim"
+            ],
+            "time": "2019-11-27T13:56:44+00:00"
         },
         {
             "name": "symfony/proxy-manager-bridge",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/proxy-manager-bridge.git",
@@ -1549,7 +1666,7 @@
         },
         {
             "name": "symfony/routing",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/routing.git",
@@ -1623,7 +1740,7 @@
         },
         {
             "name": "symfony/twig-bridge",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/twig-bridge.git",
@@ -1708,7 +1825,7 @@
         },
         {
             "name": "symfony/yaml",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/yaml.git",
@@ -2170,21 +2287,24 @@
         },
         {
             "name": "michelf/php-markdown",
-            "version": "1.8.0",
+            "version": "1.9.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/michelf/php-markdown.git",
-                "reference": "01ab082b355bf188d907b9929cd99b2923053495"
+                "reference": "c83178d49e372ca967d1a8c77ae4e051b3a3c75c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/michelf/php-markdown/zipball/01ab082b355bf188d907b9929cd99b2923053495",
-                "reference": "01ab082b355bf188d907b9929cd99b2923053495",
+                "url": "https://api.github.com/repos/michelf/php-markdown/zipball/c83178d49e372ca967d1a8c77ae4e051b3a3c75c",
+                "reference": "c83178d49e372ca967d1a8c77ae4e051b3a3c75c",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.3.0"
             },
+            "require-dev": {
+                "phpunit/phpunit": ">=4.3 <5.8"
+            },
             "type": "library",
             "autoload": {
                 "psr-4": {
@@ -2212,7 +2332,7 @@
             "keywords": [
                 "markdown"
             ],
-            "time": "2018-01-15T00:49:33+00:00"
+            "time": "2019-12-02T02:32:27+00:00"
         },
         {
             "name": "nikic/php-parser",
@@ -2363,33 +2483,33 @@
         },
         {
             "name": "phpspec/prophecy",
-            "version": "1.8.1",
+            "version": "1.10.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpspec/prophecy.git",
-                "reference": "1927e75f4ed19131ec9bcc3b002e07fb1173ee76"
+                "reference": "cbe1df668b3fe136bcc909126a0f529a78d4cbbc"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/1927e75f4ed19131ec9bcc3b002e07fb1173ee76",
-                "reference": "1927e75f4ed19131ec9bcc3b002e07fb1173ee76",
+                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/cbe1df668b3fe136bcc909126a0f529a78d4cbbc",
+                "reference": "cbe1df668b3fe136bcc909126a0f529a78d4cbbc",
                 "shasum": ""
             },
             "require": {
                 "doctrine/instantiator": "^1.0.2",
                 "php": "^5.3|^7.0",
-                "phpdocumentor/reflection-docblock": "^2.0|^3.0.2|^4.0",
-                "sebastian/comparator": "^1.1|^2.0|^3.0",
+                "phpdocumentor/reflection-docblock": "^2.0|^3.0.2|^4.0|^5.0",
+                "sebastian/comparator": "^1.2.3|^2.0|^3.0",
                 "sebastian/recursion-context": "^1.0|^2.0|^3.0"
             },
             "require-dev": {
-                "phpspec/phpspec": "^2.5|^3.2",
+                "phpspec/phpspec": "^2.5 || ^3.2",
                 "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.8.x-dev"
+                    "dev-master": "1.10.x-dev"
                 }
             },
             "autoload": {
@@ -2422,7 +2542,7 @@
                 "spy",
                 "stub"
             ],
-            "time": "2019-06-13T12:50:23+00:00"
+            "time": "2019-12-22T21:05:45+00:00"
         },
         {
             "name": "phpunit/dbunit",
@@ -3417,7 +3537,7 @@
         },
         {
             "name": "symfony/browser-kit",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/browser-kit.git",
@@ -3474,7 +3594,7 @@
         },
         {
             "name": "symfony/css-selector",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/css-selector.git",
@@ -3508,14 +3628,14 @@
                 "MIT"
             ],
             "authors": [
-                {
-                    "name": "Jean-François Simon",
-                    "email": "jeanfrancois.simon@sensiolabs.com"
-                },
                 {
                     "name": "Fabien Potencier",
                     "email": "fabien@symfony.com"
                 },
+                {
+                    "name": "Jean-François Simon",
+                    "email": "jeanfrancois.simon@sensiolabs.com"
+                },
                 {
                     "name": "Symfony Community",
                     "homepage": "https://symfony.com/contributors"
@@ -3527,7 +3647,7 @@
         },
         {
             "name": "symfony/dom-crawler",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/dom-crawler.git",
@@ -3584,7 +3704,7 @@
         },
         {
             "name": "symfony/process",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/process.git",

phpBB/develop/add_permissions.php

@@ -156,6 +156,7 @@ $u_permissions = array(
 	'u_download'	=> array(0, 1),
 	'u_attach'		=> array(0, 1),
 	'u_sig'			=> array(0, 1),
+	'u_emoji'		=> array(0, 1),
 	'u_pm_attach'	=> array(0, 1),
 	'u_pm_bbcode'	=> array(0, 1),
 	'u_pm_smilies'	=> array(0, 1),

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,9 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v329rc1">Changes since 3.2.9-RC1</a></li>
+		<li><a href="#v328">Changes since 3.2.8</a></li>
+		<li><a href="#v328rc1">Changes since 3.2.8-RC1</a></li>
 		<li><a href="#v327">Changes since 3.2.7</a></li>
 		<li><a href="#v326">Changes since 3.2.6</a></li>
 		<li><a href="#v326rc1">Changes since 3.2.6-RC1</a></li>
@@ -139,6 +142,107 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v329rc1"></a><h3>Changes since 3.2.9-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15592">PHPBB3-15592</a>] - &quot;Place inline&quot; button appears when BBcode is disabled (Post settings)</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16269">PHPBB3-16269</a>] - Sphinx backend indexes HTML markup as keywords</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16282">PHPBB3-16282</a>] - Default jQuery CDN URL is outdated on new installs</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16271">PHPBB3-16271</a>] - Add support for 3.3.x API documentation</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16279">PHPBB3-16279</a>] - Add permission for Emojii in topic title</li>
+			</ul>
+			<h4>Security</h4>
+			<ul>
+				<li>[SECURITY-249] - Group avatar overwrite on invalid submit</li>
+				<li>[SECURITY-250] - Group leader can be tricked into approving user</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[SECURITY-251] - Unwanted move of PMs to folders</li>
+				<li>[SECURITY-252] - PMs of unsuspecting users can be marked as important</li>
+				<li>[SECURITY-253] - PM export without proper validation</li>
+			</ul>
+
+			<a name="v328"></a><h3>Changes since 3.2.8</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14815">PHPBB3-14815</a>] - The facebook page link is not displayed properly in memberlist.php</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15643">PHPBB3-15643</a>] - $phpbb_filesystem-&gt;resolve_path() may trigger open_basedir restriction</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15902">PHPBB3-15902</a>] - Out of range error with Sphinx search</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16056">PHPBB3-16056</a>] - JPEG dimensions undetectable for some kind of jpeg files</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16076">PHPBB3-16076</a>] - Limit attachment size by extension group</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16141">PHPBB3-16141</a>] - plupload chunk_size calculation incorrect when one or more settings are 'unlimited'</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16150">PHPBB3-16150</a>] - Post title link urls not reliable when shared</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16156">PHPBB3-16156</a>] - Bots see both register and logout links in the navbar</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16157">PHPBB3-16157</a>] - Incorrect FORM_INVALID error message while sending email form</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16181">PHPBB3-16181</a>] - OAuth provider id needs to be quoted</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16184">PHPBB3-16184</a>] - Mark read button only works once</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16199">PHPBB3-16199</a>] - Guest posting CAPTCHA is being generated with no guest posting auth</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16209">PHPBB3-16209</a>] - Nginx example configuration file blocks an image in the ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16210">PHPBB3-16210</a>] - Terms of use should not be skippable</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16211">PHPBB3-16211</a>] - COPPA should not be skippable</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16216">PHPBB3-16216</a>] - Disable xdebug in travis builds</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16217">PHPBB3-16217</a>] - Enable opcache in travis CI builds</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16228">PHPBB3-16228</a>] - BBCode definitions with an optional attribute and a non-TEXT content are not merged correctly</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16242">PHPBB3-16242</a>] - Redirect loop when install folder doesn't exist</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16252">PHPBB3-16252</a>] - Ignore non-BBCodes when looking for unauthorized markup</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16257">PHPBB3-16257</a>] - Typo in Email Settings section</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16258">PHPBB3-16258</a>] - Sample Sphinx configuration file causes delta index to only include the most recent post</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16084">PHPBB3-16084</a>] - Pointless radio button for database backup in 3.2.7 </li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16139">PHPBB3-16139</a>] - Add core.viewtopic_modify_quick_reply_template_vars</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16140">PHPBB3-16140</a>] - Add new event to UCP Edit Profile Page</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16143">PHPBB3-16143</a>] - Add core events for move topics</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16144">PHPBB3-16144</a>] - NO_STYLE_DATA - Provide extra fallback to board's default style for $user.</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16146">PHPBB3-16146</a>] - Add core event for after move the forum</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16148">PHPBB3-16148</a>] - Add template events to acp_groups.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16151">PHPBB3-16151</a>] - Enable Emojis and rich text in forum name</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16153">PHPBB3-16153</a>] - Enable Emojis and rich text in topic title</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16159">PHPBB3-16159</a>] - Wrap post times in html time tag</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16174">PHPBB3-16174</a>] - Event for disabling cookie creation</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16182">PHPBB3-16182</a>] - Add core.generate_smilies_modify_rowset</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16183">PHPBB3-16183</a>] - Add core.generate_smilies_count_sql_before</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16203">PHPBB3-16203</a>] - Enable Emojis and rich text in sent Emails</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16247">PHPBB3-16247</a>] - Quote PM has no identifier</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16251">PHPBB3-16251</a>] - Shortened link text shouldn't override custom plugins</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15422">PHPBB3-15422</a>] - Remove the unnecessary helpline function and help_line variable</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16147">PHPBB3-16147</a>] - Updated tokens legend in BBCodes ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16160">PHPBB3-16160</a>] - Add script for generating package json file</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16172">PHPBB3-16172</a>] - Add &quot;Rank:&quot; or &quot;Group rank:&quot; in the memberlist</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16224">PHPBB3-16224</a>] - Update composer dependencies</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16246">PHPBB3-16246</a>] - Prettify and update README Automated Testing section</li>
+			</ul>
+
+			<a name="v328rc1"></a><h3>Changes since 3.2.8-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15467">PHPBB3-15467</a>] - Permission settings do not take affect when set using All YES/NO/NEVER</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16123">PHPBB3-16123</a>] - PHP error (Array to string conversion) on new user registration if email address is banned and &quot; Reason shown to the banned&quot; is empty</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16136">PHPBB3-16136</a>] - Missing word in 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' </li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16134">PHPBB3-16134</a>] - Exclude group leaders on group member purge</li>
+			</ul>
+			<h4>Security Issue</h4>
+			<ul>
+				<li>[SECURITY-243] - CSS injection via BBCode tag</li>
+				<li>[SECURITY-244] - Missing form token check when handling attachments</li>
+				<li>[SECURITY-246] - Missing form token check when managing BBCodes</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[SECURITY-247] - Disable MySQLi local infile to prevent local file inclusion</li>
+			</ul>
+
 			<a name="v327"></a><h3>Changes since 3.2.7</h3>
 			<h4>Bug</h4>
 			<ul>
@@ -193,7 +297,6 @@
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16078">PHPBB3-16078</a>] - Use chrome webdriver for UI tests</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16089">PHPBB3-16089</a>] - Add core.confirm_box_ajax_before</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16097">PHPBB3-16097</a>] - Add core.viewtopic_gen_sort_selects_before</li>
-				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16102">PHPBB3-16102</a>] - Add core.posting_modify_post_subject</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16103">PHPBB3-16103</a>] - Add core.pm_modify_message_subject</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16106">PHPBB3-16106</a>] - Add core.mcp_main_before</li>
@@ -212,6 +315,10 @@
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16112">PHPBB3-16112</a>] - Update composer dependencies to latest</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16119">PHPBB3-16119</a>] - The text input for poll question has a too high maxlength attribute</li>
 			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li>
+			</ul>
 
 			<a name="v326"></a><h3>Changes since 3.2.6</h3>
 			<h4>Bug</h4>

phpBB/docs/CREDITS.txt

@@ -1,7 +1,7 @@
 /**
 *
-* phpBB © Copyright phpBB Limited 2003-2016
-* http://www.phpbb.com
+* phpBB © Copyright phpBB Limited 2003-2019
+* https://www.phpbb.com
 *
 * phpBB is free software. You can redistribute it and/or modify it
 * under the terms of the GNU General Public License, version 2 (GPL-2.0)
@@ -27,7 +27,6 @@ phpBB Developers:        bantu (Andreas Fischer)
                          Derky (Derk Ruitenbeek)
                          Elsensee (Oliver Schramm)
                          Hanakin (Michael Miday)
-                         MichaelC (Michael Cullum)
                          Nicofuma (Tristan Darricau)
                          rubencm (Rubén Calvo)
 
@@ -63,6 +62,7 @@ phpBB Developers:        A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                          igorw (Igor Wiedler)          [08/2010 - 02/2013]
                          imkingdavid (David King)      [11/2012 - 06/2014]
                          kellanved (Henry Sudhof)      [04/2007 - 03/2011]
+                         MichaelC (Michael Cullum)     [11/2017 - 09/2019]
                          nickvergessen (Joas Schilling)[04/2010 - 12/2015]
                          Oleg (Oleg Pudeyev)           [01/2011 - 05/2013]
                          prototech (Cesar Gallegos)    [01/2014 - 12/2016]

phpBB/docs/events.md

@@ -172,6 +172,18 @@ acp_group_options_before
 * Since: 3.1.0-b4
 * Purpose: Add additional options to group settings (before GROUP_FOUNDER_MANAGE)
 
+acp_group_types_append
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.2.9-RC1
+* Purpose: Add additional group type options to group settings (append the list)
+
+acp_group_types_prepend
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.2.9-RC1
+* Purpose: Add additional group type options to group settings (prepend the list)
+
 acp_groups_find_username_append
 ===
 * Location: adm/style/acp_groups.html
@@ -2634,6 +2646,13 @@ ucp_profile_profile_info_before
 * Since: 3.1.4-RC1
 * Purpose: Add options in profile page fieldset - before jabber field.
 
+ucp_profile_profile_info_birthday_label_append
+===
+* Locations:
+    + styles/prosilver/template/ucp_profile_profile_info.html
+* Since: 3.2.9-RC1
+* Purpose: Add more text to birthday label, such as required asterisk
+
 ucp_profile_register_details_after
 ===
 * Locations:

phpBB/docs/nginx.sample.conf

@@ -70,7 +70,7 @@ http {
         }
 
         # Deny access to internal phpbb files.
-        location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
+        location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
             deny all;
             # deny was ignored before 0.8.40 for connections over IPv6.
             # Use internal directive to prohibit access on older versions.
@@ -93,7 +93,7 @@ http {
         # Correctly pass scripts for installer
         location /install/ {
             # phpBB uses index.htm
-            try_files $uri $uri/ @rewrite_installapp;
+            try_files $uri $uri/ @rewrite_installapp =404;
 
             # Pass the php scripts to fastcgi server specified in upstream declaration.
             location ~ \.php(/|$) {
@@ -104,7 +104,7 @@ http {
                 fastcgi_param PATH_INFO $fastcgi_path_info;
                 fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                 fastcgi_param DOCUMENT_ROOT $realpath_root;
-                try_files $uri $uri/ /install/app.php$is_args$args;
+                try_files $uri $uri/ /install/app.php$is_args$args =404;
                 fastcgi_pass php;
             }
         }

phpBB/docs/sphinx.sample.conf

@@ -41,7 +41,7 @@ source source_phpbb_{SPHINX_ID}_main
 }
 source source_phpbb_{SPHINX_ID}_delta : source_phpbb_{SPHINX_ID}_main
 {
-	sql_query_pre =
+	sql_query_pre = SET NAMES 'utf8'
 	sql_query_range =
 	sql_range_step =
 	sql_query = SELECT \
@@ -61,7 +61,7 @@ source source_phpbb_{SPHINX_ID}_delta : source_phpbb_{SPHINX_ID}_main
 						WHERE \
 							p.topic_id = t.topic_id \
 							AND p.post_id >= ( SELECT max_doc_id FROM phpbb_sphinx WHERE counter_id=1 )
-	sql_query_pre =
+	sql_query_post_index =
 }
 index index_phpbb_{SPHINX_ID}_main
 {
@@ -74,6 +74,7 @@ index index_phpbb_{SPHINX_ID}_main
 	charset_table = U+FF10..U+FF19->0..9, 0..9, U+FF41..U+FF5A->a..z, U+FF21..U+FF3A->a..z, A..Z->a..z, a..z, U+0149, U+017F, U+0138, U+00DF, U+00FF, U+00C0..U+00D6->U+00E0..U+00F6, U+00E0..U+00F6, U+00D8..U+00DE->U+00F8..U+00FE, U+00F8..U+00FE, U+0100->U+0101, U+0101, U+0102->U+0103, U+0103, U+0104->U+0105, U+0105, U+0106->U+0107, U+0107, U+0108->U+0109, U+0109, U+010A->U+010B, U+010B, U+010C->U+010D, U+010D, U+010E->U+010F, U+010F, U+0110->U+0111, U+0111, U+0112->U+0113, U+0113, U+0114->U+0115, U+0115, U+0116->U+0117, U+0117, U+0118->U+0119, U+0119, U+011A->U+011B, U+011B, U+011C->U+011D, U+011D, U+011E->U+011F, U+011F, U+0130->U+0131, U+0131, U+0132->U+0133, U+0133, U+0134->U+0135, U+0135, U+0136->U+0137, U+0137, U+0139->U+013A, U+013A, U+013B->U+013C, U+013C, U+013D->U+013E, U+013E, U+013F->U+0140, U+0140, U+0141->U+0142, U+0142, U+0143->U+0144, U+0144, U+0145->U+0146, U+0146, U+0147->U+0148, U+0148, U+014A->U+014B, U+014B, U+014C->U+014D, U+014D, U+014E->U+014F, U+014F, U+0150->U+0151, U+0151, U+0152->U+0153, U+0153, U+0154->U+0155, U+0155, U+0156->U+0157, U+0157, U+0158->U+0159, U+0159, U+015A->U+015B, U+015B, U+015C->U+015D, U+015D, U+015E->U+015F, U+015F, U+0160->U+0161, U+0161, U+0162->U+0163, U+0163, U+0164->U+0165, U+0165, U+0166->U+0167, U+0167, U+0168->U+0169, U+0169, U+016A->U+016B, U+016B, U+016C->U+016D, U+016D, U+016E->U+016F, U+016F, U+0170->U+0171, U+0171, U+0172->U+0173, U+0173, U+0174->U+0175, U+0175, U+0176->U+0177, U+0177, U+0178->U+00FF, U+00FF, U+0179->U+017A, U+017A, U+017B->U+017C, U+017C, U+017D->U+017E, U+017E, U+0410..U+042F->U+0430..U+044F, U+0430..U+044F, U+4E00..U+9FFF
 	min_prefix_len = 0
 	min_infix_len = 0
+	html_strip = 1
 }
 index index_phpbb_{SPHINX_ID}_delta : index_phpbb_{SPHINX_ID}_main
 {

phpBB/includes/acp/acp_bbcodes.php

@@ -33,7 +33,6 @@ class acp_bbcodes
 		// Set up general vars
 		$action	= $request->variable('action', '');
 		$bbcode_id = $request->variable('bbcode', 0);
-		$submit = $request->is_set_post('submit');
 
 		$this->tpl_name = 'acp_bbcodes';
 		$this->page_title = 'ACP_BBCODES';
@@ -41,11 +40,6 @@ class acp_bbcodes
 
 		add_form_key($form_key);
 
-		if ($submit && !check_form_key($form_key))
-		{
-			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
-		}
-
 		// Set up mode-specific vars
 		switch ($action)
 		{
@@ -179,6 +173,12 @@ class acp_bbcodes
 				extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
 
 				$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+
+				if (!$warn_text && !check_form_key($form_key))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				if (!$warn_text || confirm_box(true))
 				{
 					$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
@@ -211,11 +211,6 @@ class acp_bbcodes
 						$test = $data['bbcode_tag'];
 					}
 
-					if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match))
-					{
-						trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
-					}
-
 					if (strlen($data['bbcode_tag']) > 16)
 					{
 						trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);

phpBB/includes/acp/acp_database.php

@@ -58,7 +58,6 @@ class acp_database
 						$type	= $request->variable('type', '');
 						$table	= array_intersect($this->db_tools->sql_list_tables(), $request->variable('table', array('')));
 						$format	= $request->variable('method', '');
-						$where	= $request->variable('where', '');
 
 						if (!count($table))
 						{
@@ -70,12 +69,9 @@ class acp_database
 							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 
-						$store = $structure = $schema_data = false;
-
-						if ($where == 'store')
-						{
-							$store = true;
-						}
+						$store = true;
+						$structure = false;
+						$schema_data = false;
 
 						if ($type == 'full' || $type == 'structure')
 						{

phpBB/includes/acp/acp_forums.php

@@ -986,10 +986,20 @@ class acp_forums
 			$errors[] = $user->lang['FORUM_NAME_EMPTY'];
 		}
 
-		// No Emojis
+		/**
+		 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySql to UCR / NCR.
+		 * Using their Numeric Character Reference's Hexadecimal notation.
+		 */
+		$forum_data_ary['forum_name'] = utf8_encode_ucr($forum_data_ary['forum_name']);
+
+		/**
+		 * This should never happen again.
+		 * Leaving the fallback here just in case there will be the need of it.
+		 */
 		if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches))
 		{
 			$character_list = implode('<br>', $matches[0]);
+
 			$errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list);
 		}
 
@@ -1423,8 +1433,8 @@ class acp_forums
 		* This event may be triggered, when a forum is deleted
 		*
 		* @event core.acp_manage_forums_move_children
-		* @var	int		from_id		If of the current parent forum
-		* @var	int		to_id		If of the new parent forum
+		* @var	int		from_id		Id of the current parent forum
+		* @var	int		to_id		Id of the new parent forum
 		* @var	array	errors		Array of errors, should be strings and not
 		*							language key.
 		* @since 3.1.0-a1
@@ -1529,8 +1539,8 @@ class acp_forums
 		* Event when we move content from one forum to another
 		*
 		* @event core.acp_manage_forums_move_content
-		* @var	int		from_id		If of the current parent forum
-		* @var	int		to_id		If of the new parent forum
+		* @var	int		from_id		Id of the current parent forum
+		* @var	int		to_id		Id of the new parent forum
 		* @var	bool	sync		Shall we sync the "to"-forum's data
 		* @var	array	errors		Array of errors, should be strings and not
 		*							language key. If this array is not empty,
@@ -1576,6 +1586,19 @@ class acp_forums
 			$db->sql_query($sql);
 		}
 
+		/**
+		 * Event when content has been moved from one forum to another
+		 *
+		 * @event core.acp_manage_forums_move_content_after
+		 * @var	int		from_id		Id of the current parent forum
+		 * @var	int		to_id		Id of the new parent forum
+		 * @var	bool	sync		Shall we sync the "to"-forum's data
+		 *
+		 * @since 3.2.9-RC1
+		 */
+		$vars = array('from_id', 'to_id', 'sync');
+		extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_move_content_after', compact($vars)));
+
 		if ($sync)
 		{
 			// Delete ghost topics that link back to the same forum then resync counters

phpBB/includes/acp/acp_prune.php

@@ -537,6 +537,7 @@ class acp_prune
 					AND ug.user_id <> ' . ANONYMOUS . '
 					AND u.user_type <> ' . USER_FOUNDER . '
 					AND ug.user_pending = 0
+					AND ug.group_leader = 0
 					AND u.user_id = ug.user_id
 					' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '');
 			$result = $db->sql_query($sql);

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.2.8-RC1');
+@define('PHPBB_VERSION', '3.2.9');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions_admin.php

@@ -543,6 +543,20 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 		$topic_ids = array($topic_ids);
 	}
 
+	/**
+	 * Perform additional actions before topics move
+	 *
+	 * @event core.move_topics_before
+	 * @var	array	topic_ids	Array of the moved topic ids
+	 * @var	string	forum_id	The forum id from where the topics are moved
+	 * @since 3.2.9-RC1
+	 */
+	$vars = array(
+		'topic_ids',
+		'forum_id',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.move_topics_before', compact($vars)));
+
 	$sql = 'DELETE FROM ' . TOPICS_TABLE . '
 		WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . '
 			AND forum_id = ' . $forum_id;
@@ -593,6 +607,22 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 	}
 	unset($table_ary);
 
+	/**
+	 * Perform additional actions after topics move
+	 *
+	 * @event core.move_topics_after
+	 * @var	array	topic_ids	Array of the moved topic ids
+	 * @var	string	forum_id	The forum id from where the topics were moved
+	 * @var	array	forum_ids	Array of the forums where the topics were moved (includes also forum_id)
+	 * @since 3.2.9-RC1
+	 */
+	$vars = array(
+		'topic_ids',
+		'forum_id',
+		'forum_ids',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.move_topics_after', compact($vars)));
+
 	if ($auto_sync)
 	{
 		sync('forum', 'forum_id', $forum_ids, true, true);

phpBB/includes/functions_display.php

@@ -70,7 +70,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$data = array(
 					'NO_UNREAD_POSTS'	=> $user->lang['NO_UNREAD_POSTS'],
 					'UNREAD_POSTS'		=> $user->lang['UNREAD_POSTS'],
-					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '',
+					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time(), false) : '',
 					'MESSAGE_TITLE'		=> $user->lang['INFORMATION'],
 					'MESSAGE_TEXT'		=> $user->lang['FORUMS_MARKED']
 				);
@@ -355,7 +355,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$data = array(
 					'NO_UNREAD_POSTS'	=> $user->lang['NO_UNREAD_POSTS'],
 					'UNREAD_POSTS'		=> $user->lang['UNREAD_POSTS'],
-					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time()) : '',
+					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time(), false) : '',
 					'MESSAGE_TITLE'		=> $user->lang['INFORMATION'],
 					'MESSAGE_TEXT'		=> $user->lang['FORUMS_MARKED']
 				);
@@ -539,7 +539,8 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		{
 			if ($row['forum_password_last_post'] === '' && $auth->acl_gets('f_read', 'f_list_topics', $row['forum_id_last_post']))
 			{
-				$last_post_subject = censor_text($row['forum_last_post_subject']);
+				$last_post_subject = utf8_decode_ncr(censor_text($row['forum_last_post_subject']));
+
 				$last_post_subject_truncated = truncate_string($last_post_subject, 30, 255, false, $user->lang['ELLIPSIS']);
 			}
 			else
@@ -547,11 +548,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$last_post_subject = $last_post_subject_truncated = '';
 			}
 			$last_post_time = $user->format_date($row['forum_last_post_time']);
+			$last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']);
 			$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
 		}
 		else
 		{
-			$last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = '';
+			$last_post_subject = $last_post_time = $last_post_time_rfc3339 = $last_post_url = $last_post_subject_truncated = '';
 		}
 
 		// Output moderator listing ... if applicable
@@ -622,6 +624,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'LAST_POST_SUBJECT'		=> $last_post_subject,
 			'LAST_POST_SUBJECT_TRUNCATED'	=> $last_post_subject_truncated,
 			'LAST_POST_TIME'		=> $last_post_time,
+			'LAST_POST_TIME_RFC3339'=> $last_post_time_rfc3339,
 			'LAST_POSTER'			=> get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
 			'LAST_POSTER_COLOUR'	=> get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
 			'LAST_POSTER_FULL'		=> get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
@@ -1117,7 +1120,6 @@ function display_custom_bbcodes()
 			'BBCODE_TAG'		=> $row['bbcode_tag'],
 			'BBCODE_TAG_CLEAN'	=> str_replace('=', '-', $row['bbcode_tag']),
 			'BBCODE_HELPLINE'	=> $row['bbcode_helpline'],
-			'A_BBCODE_HELPLINE'	=> str_replace(array('&amp;', '&quot;', "'", '&lt;', '&gt;'), array('&', '"', "\'", '<', '>'), $row['bbcode_helpline']),
 		);
 
 		/**

phpBB/includes/functions_messenger.php

@@ -1893,14 +1893,21 @@ function mail_encode($str, $eol = "\r\n")
 }
 
 /**
-* Wrapper for sending out emails with the PHP's mail function
-*/
+ * Wrapper for sending out emails with the PHP's mail function
+ */
 function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
 {
 	global $config, $phpbb_root_path, $phpEx;
 
-	// We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings. On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
-	// Reference: http://bugs.php.net/bug.php?id=15841
+	// Convert Numeric Character References to UTF-8 chars (ie. Emojis)
+	$subject = utf8_decode_ncr($subject);
+	$msg = utf8_decode_ncr($msg);
+
+	/**
+	 * We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings.
+	 * On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
+	 * Reference: http://bugs.php.net/bug.php?id=15841
+	 */
 	$headers = implode($eol, $headers);
 
 	if (!class_exists('\phpbb\error_collector'))
@@ -1911,10 +1918,14 @@ function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
 	$collector = new \phpbb\error_collector;
 	$collector->install();
 
-	// On some PHP Versions mail() *may* fail if there are newlines within the subject.
-	// Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
-	// Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space (Use '' as parameter to mail_encode() results in SPACE used)
+	/**
+	 * On some PHP Versions mail() *may* fail if there are newlines within the subject.
+	 * Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
+	 * Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space
+	 * (Use '' as parameter to mail_encode() results in SPACE used)
+	 */
 	$additional_parameters = $config['email_force_sender'] ? '-f' . $config['board_email'] : '';
+
 	$result = mail($to, mail_encode($subject, ''), wordwrap(utf8_wordwrap($msg), 997, "\n", true), $headers, $additional_parameters);
 
 	$collector->uninstall();

phpBB/includes/functions_posting.php

@@ -52,9 +52,29 @@ function generate_smilies($mode, $forum_id)
 
 		page_header($user->lang['SMILIES']);
 
-		$sql = 'SELECT COUNT(smiley_id) AS item_count
-			FROM ' . SMILIES_TABLE . '
-			GROUP BY smiley_url';
+		$sql_ary = [
+			'SELECT'	=> 'COUNT(s.smiley_id) AS item_count',
+			'FROM'		=> [
+				SMILIES_TABLE => 's',
+			],
+			'GROUP_BY'	=> 's.smiley_url',
+		];
+
+		/**
+		* Modify SQL query that fetches the total number of smilies in window mode
+		*
+		* @event core.generate_smilies_count_sql_before
+		* @var int		forum_id	Forum where smilies are generated
+		* @var array	sql_ary		Array with the SQL query
+		* @since 3.2.9-RC1
+		*/
+		$vars = [
+			'forum_id',
+			'sql_ary',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.generate_smilies_count_sql_before', compact($vars)));
+
+		$sql = $db->sql_build_query('SELECT', $sql_ary);
 		$result = $db->sql_query($sql, 3600);
 
 		$smiley_count = 0;
@@ -114,6 +134,22 @@ function generate_smilies($mode, $forum_id)
 	}
 	$db->sql_freeresult($result);
 
+	/**
+	* Modify smilies before they are assigned to the template
+	*
+	* @event core.generate_smilies_modify_rowset
+	* @var string	mode		Smiley mode, either window or inline
+	* @var int		forum_id	Forum where smilies are generated
+	* @var array	smilies		Smiley rows fetched from the database
+	* @since 3.2.9-RC1
+	*/
+	$vars = [
+		'mode',
+		'forum_id',
+		'smilies',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.generate_smilies_modify_rowset', compact($vars)));
+
 	if (count($smilies))
 	{
 		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path();

phpBB/includes/functions_user.php

@@ -1945,9 +1945,10 @@ function validate_user_email($email, $allowed_email = false)
 		return $validate_email;
 	}
 
-	if (($ban = $user->check_ban(false, false, $email, true)) !== false)
+	$ban = $user->check_ban(false, false, $email, true);
+	if (!empty($ban))
 	{
-		return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban);
+		return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';
 	}
 
 	if (!$config['allow_emailreuse'])

phpBB/includes/message_parser.php

@@ -1524,6 +1524,35 @@ class parse_message extends bbcode_firstpass
 		}
 	}
 
+	/**
+	 * Check attachment form token depending on submit type
+	 *
+	 * @param \phpbb\language\language $language Language
+	 * @param \phpbb\request\request_interface $request Request
+	 * @param string $form_name Form name for checking form key
+	 *
+	 * @return bool True if form token is not needed or valid, false if needed and invalid
+	 */
+	function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name)
+	{
+		$add_file = $request->is_set_post('add_file');
+		$delete_file = $request->is_set_post('delete_file');
+
+		if (($add_file || $delete_file) && !check_form_key($form_name))
+		{
+			$this->warn_msg[] = $language->lang('FORM_INVALID');
+
+			if ($request->is_ajax() && $this->plupload)
+			{
+				$this->plupload->emit_error(-400, 'FORM_INVALID');
+			}
+
+			return false;
+		}
+
+		return true;
+	}
+
 	/**
 	* Parse Attachments
 	*/

phpBB/includes/ucp/ucp_groups.php

@@ -534,7 +534,12 @@ class ucp_groups
 								'teampage'	=> $group_row['group_teampage'],
 							);
 
-							if ($config['allow_avatar'])
+							if (!check_form_key('ucp_groups'))
+							{
+								$error[] = $user->lang['FORM_INVALID'];
+							}
+
+							if (!count($error) && $config['allow_avatar'])
 							{
 								// Handle avatar
 								$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
@@ -556,11 +561,6 @@ class ucp_groups
 								$error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
 							}
 
-							if (!check_form_key('ucp_groups'))
-							{
-								$error[] = $user->lang['FORM_INVALID'];
-							}
-
 							// Validate submitted colour value
 							if ($colour_error = validate_data($submit_ary, array('colour'	=> array('hex_colour', true))))
 							{
@@ -875,6 +875,11 @@ class ucp_groups
 							trigger_error($user->lang['NO_GROUP'] . $return_page);
 						}
 
+						if (!check_form_key('ucp_groups'))
+						{
+							trigger_error($user->lang('FORM_INVALID') . $return_page);
+						}
+
 						if (!($row = group_memberships($group_id, $user->data['user_id'])))
 						{
 							trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);

phpBB/includes/ucp/ucp_pm.php

@@ -193,6 +193,8 @@ class ucp_pm
 					trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
 				}
 
+				add_form_key('ucp_pm_view');
+
 				// First Handle Mark actions and moving messages
 				$submit_mark	= (isset($_POST['submit_mark'])) ? true : false;
 				$move_pm		= (isset($_POST['move_pm'])) ? true : false;
@@ -207,6 +209,11 @@ class ucp_pm
 					$submit_mark = false;
 				}
 
+				if (($move_pm || $submit_mark) && !check_form_key('ucp_pm_view'))
+				{
+					trigger_error('FORM_INVALID');
+				}
+
 				// Move PM
 				if ($move_pm)
 				{

phpBB/includes/ucp/ucp_pm_compose.php

@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
 function compose_pm($id, $mode, $action, $user_folders = array())
 {
 	global $template, $db, $auth, $user, $cache;
-	global $phpbb_root_path, $phpEx, $config;
+	global $phpbb_root_path, $phpEx, $config, $language;
 	global $request, $phpbb_dispatcher, $phpbb_container;
 
 	// Damn php and globals - i know, this is horrible
@@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));
 
 		// Parse Attachments - before checksum is calculated
-		$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+		if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose'))
+		{
+			$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+		}
 
 		if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))
 		{
@@ -996,7 +999,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		{
 			$quote_attributes['post_id'] = $post['msg_id'];
 		}
-
+		if ($action === 'quote')
+		{
+			$quote_attributes['msg_id'] = $post['msg_id'];
+		}
 		/** @var \phpbb\language\language $language */
 		$language = $phpbb_container->get('language');
 		/** @var \phpbb\textformatter\utils_interface $text_formatter_utils */

phpBB/includes/ucp/ucp_pm_viewfolder.php

@@ -32,6 +32,8 @@ function view_folder($id, $mode, $folder_id, $folder)
 
 	$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
 
+	add_form_key('ucp_pm_view_folder');
+
 	if (!$submit_export)
 	{
 		$user->add_lang('viewforum');
@@ -197,6 +199,11 @@ function view_folder($id, $mode, $folder_id, $folder)
 		$enclosure = $request->variable('enclosure', '');
 		$delimiter = $request->variable('delimiter', '');
 
+		if (!check_form_key('ucp_pm_view_folder'))
+		{
+			trigger_error('FORM_INVALID');
+		}
+
 		if ($export_type == 'CSV' && ($delimiter === '' || $enclosure === ''))
 		{
 			$template->assign_var('PROMPT', true);

phpBB/includes/ucp/ucp_register.php

@@ -39,12 +39,23 @@ class ucp_register
 			trigger_error('UCP_REGISTER_DISABLE');
 		}
 
-		$coppa			= $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
+		$coppa			= $request->is_set('coppa_yes') ? 1 : ($request->is_set('coppa_no') ? 0 : false);
+		$coppa			= $request->is_set('coppa') ? $request->variable('coppa', 0) : $coppa;
 		$agreed			= $request->variable('agreed', false);
 		$submit			= $request->is_set_post('submit');
 		$change_lang	= $request->variable('change_lang', '');
 		$user_lang		= $request->variable('lang', $user->lang_name);
 
+		if ($agreed && !check_form_key('ucp_register'))
+		{
+			$agreed = false;
+		}
+
+		if ($coppa !== false && !check_form_key('ucp_register'))
+		{
+			$coppa = false;
+		}
+
 		/**
 		* Add UCP register data before they are assigned to the template or submitted
 		*
@@ -67,14 +78,7 @@ class ucp_register
 		);
 		extract($phpbb_dispatcher->trigger_event('core.ucp_register_requests_after', compact($vars)));
 
-		if ($agreed)
-		{
-			add_form_key('ucp_register');
-		}
-		else
-		{
-			add_form_key('ucp_register_terms');
-		}
+		add_form_key('ucp_register');
 
 		if ($change_lang || $user_lang != $config['default_lang'])
 		{
@@ -168,11 +172,8 @@ class ucp_register
 
 				$template_vars = array(
 					'S_LANG_OPTIONS'	=> (count($lang_row) > 1) ? language_select($user_lang) : '',
-					'L_COPPA_NO'		=> sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
-					'L_COPPA_YES'		=> sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
-
-					'U_COPPA_NO'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0'),
-					'U_COPPA_YES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1'),
+					'L_COPPA_NO'		=> $user->lang('UCP_COPPA_BEFORE', $coppa_birthday),
+					'L_COPPA_YES'		=> $user->lang('UCP_COPPA_ON_AFTER', $coppa_birthday),
 
 					'S_SHOW_COPPA'		=> true,
 					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),

phpBB/includes/utf/utf_tools.php

@@ -418,24 +418,43 @@ function utf8_recode($string, $encoding)
 }
 
 /**
-* Replace all UTF-8 chars that are not in ASCII with their NCR
-*
-* @param	string	$text		UTF-8 string in NFC
-* @return	string				ASCII string using NCRs for non-ASCII chars
-*/
+ * Replace some special UTF-8 chars that are not in ASCII with their UCR.
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * Doesn't interfere with Japanese or Cyrillic etc.
+ * Unicode character visualization will depend on the character support
+ * of your web browser and the fonts installed on your system.
+ *
+ * @see https://en.wikibooks.org/wiki/Unicode/Character_reference/1F000-1FFFF
+ *
+ * @param	string	$text		UTF-8 string in NFC
+ * @return	string				ASCII string using NCR for non-ASCII chars
+ */
+function utf8_encode_ucr($text)
+{
+	return preg_replace_callback('/[\\xF0-\\xF4].../', 'utf8_encode_ncr_callback', $text);
+}
+
+/**
+ * Replace all UTF-8 chars that are not in ASCII with their NCR
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * @param	string	$text		UTF-8 string in NFC
+ * @return	string				ASCII string using NCRs for non-ASCII chars
+ */
 function utf8_encode_ncr($text)
 {
 	return preg_replace_callback('#[\\xC2-\\xF4][\\x80-\\xBF]{1,3}#', 'utf8_encode_ncr_callback', $text);
 }
 
 /**
-* Callback used in encode_ncr()
-*
-* Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
-*
-* @param	array	$m			0-based numerically indexed array passed by preg_replace_callback()
-* @return	string				A HTML NCR if the character is valid, or the original string otherwise
-*/
+ * Callback used in utf8_encode_ncr() and utf8_encode_ucr()
+ *
+ * Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
+ *
+ * @param	array	$m			0-based numerically indexed array passed by preg_replace_callback()
+ * @return	string				A HTML NCR if the character is valid, or the original string otherwise
+ */
 function utf8_encode_ncr_callback($m)
 {
 	return '&#' . utf8_ord($m[0]) . ';';

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.2.8',
+	'phpbb_version'	=> '3.2.9',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.2.8-RC1');
+define('PHPBB_VERSION', '3.2.9');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -185,7 +185,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_cpf_viewprofi
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_cpf_viewtopic', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_lastread', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_track', '1');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jumpbox', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_moderators', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_notifications', '1');
@@ -279,7 +279,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.8-RC1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.9');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 
@@ -421,6 +421,7 @@ INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgname', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgpasswd', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgprofileinfo', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_download', 1);
+INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_emoji', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_hideonline', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_ignoreflood', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_masspm', 1);

phpBB/language/en/acp/board.php

@@ -590,7 +590,7 @@ $lang = array_merge($lang, array(
 	'SMTP_PORT'						=> 'SMTP server port',
 	'SMTP_PORT_EXPLAIN'				=> 'Only change this if you know your SMTP server is on a different port.',
 	'SMTP_SERVER'					=> 'SMTP server address',
-	'SMTP_SERVER_EXPLAIN'			=> 'Do not provide a protocol (<samp>ssl://</samp> or <samp>tsl://</samp>) unless your mail host tells you to do so.',
+	'SMTP_SERVER_EXPLAIN'			=> 'Do not provide a protocol (<samp>ssl://</samp> or <samp>tls://</samp>) unless your mail host tells you to do so.',
 	'SMTP_SETTINGS'					=> 'SMTP settings',
 	'SMTP_USERNAME'					=> 'SMTP username',
 	'SMTP_USERNAME_EXPLAIN'			=> 'Only enter a username if your SMTP server requires it.',

phpBB/language/en/acp/permissions_phpbb.php

@@ -79,6 +79,7 @@ $lang = array_merge($lang, array(
 	'ACL_U_SAVEDRAFTS'	=> 'Can save drafts',
 	'ACL_U_CHGCENSORS'	=> 'Can disable word censors',
 	'ACL_U_SIG'			=> 'Can use signature',
+	'ACL_U_EMOJI'		=> 'Can use emoji and rich text characters in topic title',
 
 	'ACL_U_SENDPM'		=> 'Can send private messages',
 	'ACL_U_MASSPM'		=> 'Can send private messages to multiple users',

phpBB/language/en/acp/posting.php

@@ -56,7 +56,6 @@ $lang = array_merge($lang, array(
 
 	'BBCODE_INVALID_TAG_NAME'	=> 'The BBCode tag name that you selected already exists.',
 	'BBCODE_INVALID'			=> 'Your BBCode is constructed in an invalid form.',
-	'BBCODE_OPEN_ENDED_TAG'		=> 'Your custom BBCode must contain both an opening and a closing tag.',
 	'BBCODE_TAG'				=> 'Tag',
 	'BBCODE_TAG_TOO_LONG'		=> 'The tag name you selected is too long.',
 	'BBCODE_TAG_DEF_TOO_LONG'	=> 'The tag definition that you have entered is too long, please shorten your tag definition.',
@@ -78,13 +77,13 @@ $lang = array_merge($lang, array(
 	'TOO_MANY_BBCODES'		=> 'You cannot create any more BBCodes. Please remove one or more BBCodes then try again.',
 
 	'tokens'	=>	array(
-		'TEXT'			=> 'Any text, including foreign characters, numbers, etc… You should not use this token in HTML tags. Instead try to use IDENTIFIER, INTTEXT or SIMPLETEXT.',
+		'TEXT'			=> 'Any text, including foreign characters, numbers, etc…',
 		'SIMPLETEXT'	=> 'Characters from the latin alphabet (A-Z), numbers, spaces, commas, dots, minus, plus, hyphen and underscore',
 		'INTTEXT'		=> 'Unicode letter characters, numbers, spaces, commas, dots, minus, plus, hyphen, underscore and whitespaces.',
 		'IDENTIFIER'	=> 'Characters from the latin alphabet (A-Z), numbers, hyphen and underscore',
 		'NUMBER'		=> 'Any series of digits',
 		'EMAIL'			=> 'A valid email address',
-		'URL'			=> 'A valid URL using any protocol (http, ftp, etc… cannot be used for javascript exploits). If none is given, “http://” is prefixed to the string.',
+		'URL'			=> 'A valid URL using any allowed protocol (http, ftp, etc… cannot be used for javascript exploits). If none is given, “http://” is prefixed to the string.',
 		'LOCAL_URL'		=> 'A local URL. The URL must be relative to the topic page and cannot contain a server name or protocol, as links are prefixed with “%s”',
 		'RELATIVE_URL'	=> 'A relative URL. You can use this to match parts of a URL, but be careful: a full URL is a valid relative URL. When you want to use relative URLs of your board, use the LOCAL_URL token.',
 		'COLOR'			=> 'A HTML colour, can be either in the numeric form <samp>#FF1234</samp> or a <a href="http://www.w3.org/TR/CSS21/syndata.html#value-def-color">CSS colour keyword</a> such as <samp>fuchsia</samp> or <samp>InactiveBorder</samp>',

phpBB/language/en/common.php

@@ -91,7 +91,7 @@ $lang = array_merge($lang, array(
 	'ATTACHED_IMAGE_NOT_IMAGE'		=> 'The image file you tried to attach is invalid.',
 	'AUTHOR'						=> 'Author',
 	'AUTH_NO_PROFILE_CREATED'		=> 'The creation of a user profile was unsuccessful.',
-	'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED'				=> 'The account is already linked with other user.',
+	'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED'				=> 'This external service is already associated with another board account.',
 	'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY'				=> 'Invalid database entry.',
 	'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE'		=> 'Invalid service type provided to OAuth service handler.',
 	'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED'			=> 'OAuth service not created',
@@ -519,7 +519,7 @@ $lang = array_merge($lang, array(
 	'NO_POSTS_TIME_FRAME'		=> 'No posts exist inside this topic for the selected time frame.',
 	'NO_FEED_ENABLED'			=> 'Feeds are not available on this board.',
 	'NO_FEED'					=> 'The requested feed is not available.',
-	'NO_STYLE_DATA'				=> 'Could not get style data',
+	'NO_STYLE_DATA'				=> 'Could not get style data for user_style %s and set for user_id %s',
 	'NO_STYLE_CFG'				=> 'Could not get the style configuration file for: %s',
 	'NO_SUBJECT'				=> 'No subject specified',								// Used for posts having no subject defined but displayed within management pages.
 	'NO_SUCH_SEARCH_MODULE'		=> 'The specified search backend doesn’t exist.',

phpBB/memberlist.php

@@ -1675,7 +1675,7 @@ switch ($mode)
 			}
 
 			// do we need to display contact fields as such
-			$use_contact_fields = false;
+			$use_contact_fields = true;
 
 			/**
 			 * Modify list of users before member row is created

phpBB/phpbb/auth/provider/oauth/oauth.php

@@ -216,10 +216,15 @@ class oauth extends \phpbb\auth\provider\base
 			$this->service_providers[$service_name]->set_external_service_provider($service);
 			$unique_id = $this->service_providers[$service_name]->perform_auth_login();
 
-			// Check to see if this provider is already assosciated with an account
+			/**
+			 * Check to see if this provider is already associated with an account.
+			 *
+			 * Enforcing a data type to make data contains strings and not integers,
+			 * so values are quoted in the SQL WHERE statement.
+			 */
 			$data = array(
-				'provider'	=> $service_name_original,
-				'oauth_provider_id'	=> $unique_id
+				'provider'			=> (string) $service_name_original,
+				'oauth_provider_id'	=> (string) $unique_id
 			);
 
 			$sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '

phpBB/phpbb/avatar/driver/remote.php

@@ -49,6 +49,8 @@ class remote extends \phpbb\avatar\driver\driver
 	*/
 	public function process_form($request, $template, $user, $row, &$error)
 	{
+		global $phpbb_dispatcher;
+
 		$url = $request->variable('avatar_remote_url', '');
 		$width = $request->variable('avatar_remote_width', 0);
 		$height = $request->variable('avatar_remote_height', 0);
@@ -84,6 +86,24 @@ class remote extends \phpbb\avatar\driver\driver
 			return false;
 		}
 
+		/**
+		 * Event to make custom validation of avatar upload
+		 *
+		 * @event core.ucp_profile_avatar_upload_validation
+		 * @var	string	url		Image url
+		 * @var	string	width	Image width
+		 * @var	string	height	Image height
+		 * @var	array	error	Error message array
+		 * @since 3.2.9-RC1
+		 */
+		$vars = array('url', 'width', 'height', 'error');
+		extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_upload_validation', compact($vars)));
+
+		if (!empty($error))
+		{
+			return false;
+		}
+
 		// Check if this url looks alright
 		// Do not allow specifying the port (see RFC 3986) or IP addresses
 		if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) ||

phpBB/phpbb/db/driver/mysqli.php

@@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base
 
 		if ($this->db_connect_id && $this->dbname != '')
 		{
+			// Disable loading local files on client side
+			@mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false);
+
 			@mysqli_query($this->db_connect_id, "SET NAMES 'utf8'");
 
 			// enforce strict mode on databases that support it

phpBB/phpbb/db/migration/data/v32x/user_emoji_permission.php

@@ -0,0 +1,44 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class user_emoji_permission extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		$sql = 'SELECT auth_option_id
+			FROM ' . ACL_OPTIONS_TABLE . "
+			WHERE auth_option = 'u_emoji'";
+		$result = $this->db->sql_query($sql);
+		$auth_option_id = $this->db->sql_fetchfield('auth_option_id');
+		$this->db->sql_freeresult($result);
+
+		return $auth_option_id !== false;
+	}
+
+	static public function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v32x\v329rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['permission.add', ['u_emoji']],
+			['permission.permission_set', ['REGISTERED', 'u_emoji', 'group']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v32x/v328.php

@@ -0,0 +1,36 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v328 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.2.8', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\v328rc1',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.2.8')),
+		);
+	}
+}

phpBB/phpbb/db/migration/data/v32x/v329.php

@@ -0,0 +1,37 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v329 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.2.9', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\v329rc1',
+			'\phpbb\db\migration\data\v32x\user_emoji_permission',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.2.9')),
+		);
+	}
+}

phpBB/phpbb/db/migration/data/v32x/v329rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v329rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.2.9-RC1', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\v328',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.2.9-RC1')),
+		);
+	}
+}

phpBB/phpbb/filesystem/filesystem.php

@@ -835,7 +835,7 @@ class filesystem implements filesystem_interface
 				$current_path = $resolved_path . '/' . $path_part;
 
 				// Resolve symlinks
-				if (is_link($current_path))
+				if (@is_link($current_path))
 				{
 					if (!function_exists('readlink'))
 					{
@@ -872,12 +872,12 @@ class filesystem implements filesystem_interface
 
 					$resolved_path = false;
 				}
-				else if (is_dir($current_path . '/'))
+				else if (@is_dir($current_path . '/'))
 				{
 					$resolved[] = $path_part;
 					$resolved_path = $current_path;
 				}
-				else if (is_file($current_path))
+				else if (@is_file($current_path))
 				{
 					$resolved[] = $path_part;
 					$resolved_path = $current_path;

phpBB/phpbb/message/form.php

@@ -136,7 +136,7 @@ abstract class form
 	{
 		if (!check_form_key('memberlist_email'))
 		{
-			$this->errors[] = 'FORM_INVALID';
+			$this->errors[] = $this->user->lang('FORM_INVALID');
 		}
 
 		if (!count($this->errors))

phpBB/phpbb/permissions.php

@@ -234,6 +234,7 @@ class permissions
 		'u_savedrafts'	=> array('lang' => 'ACL_U_SAVEDRAFTS', 'cat' => 'post'),
 		'u_chgcensors'	=> array('lang' => 'ACL_U_CHGCENSORS', 'cat' => 'post'),
 		'u_sig'			=> array('lang' => 'ACL_U_SIG', 'cat' => 'post'),
+		'u_emoji'		=> array('lang' => 'ACL_U_EMOJI', 'cat' => 'post'),
 
 		'u_sendpm'		=> array('lang' => 'ACL_U_SENDPM', 'cat' => 'pm'),
 		'u_masspm'		=> array('lang' => 'ACL_U_MASSPM', 'cat' => 'pm'),

phpBB/phpbb/plupload/plupload.php

@@ -216,38 +216,36 @@ class plupload
 	}
 
 	/**
-	* Looks at the list of allowed extensions and generates a string
-	* appropriate for use in configuring plupload with
-	*
-	* @param \phpbb\cache\service $cache
-	* @param string $forum_id The ID of the forum
-	*
-	* @return string
-	*/
+	 * Looks at the list of allowed extensions and generates a string
+	 * appropriate for use in configuring plupload with
+	 *
+	 * @param \phpbb\cache\service	$cache		Cache service object
+	 * @param string				$forum_id	The forum identifier
+	 *
+	 * @return string
+	 */
 	public function generate_filter_string(\phpbb\cache\service $cache, $forum_id)
 	{
+		$groups = [];
+		$filters = [];
+
 		$attach_extensions = $cache->obtain_attach_extensions($forum_id);
 		unset($attach_extensions['_allowed_']);
-		$groups = array();
 
 		// Re-arrange the extension array to $groups[$group_name][]
 		foreach ($attach_extensions as $extension => $extension_info)
 		{
-			if (!isset($groups[$extension_info['group_name']]))
-			{
-				$groups[$extension_info['group_name']] = array();
-			}
-
-			$groups[$extension_info['group_name']][] = $extension;
+			$groups[$extension_info['group_name']]['extensions'][] = $extension;
+			$groups[$extension_info['group_name']]['max_file_size'] = (int) $extension_info['max_filesize'];
 		}
 
-		$filters = array();
-		foreach ($groups as $group => $extensions)
+		foreach ($groups as $group => $group_info)
 		{
 			$filters[] = sprintf(
-				"{title: '%s', extensions: '%s'}",
+				"{title: '%s', extensions: '%s', max_file_size: %s}",
 				addslashes(ucfirst(strtolower($group))),
-				addslashes(implode(',', $extensions))
+				addslashes(implode(',', $group_info['extensions'])),
+				$group_info['max_file_size']
 			);
 		}
 
@@ -276,22 +274,37 @@ class plupload
 	}
 
 	/**
-	* Checks various php.ini values and the maximum file size to determine
-	* the maximum size chunks a file can be split up into for upload
-	*
-	* @return int
-	*/
+	 * Checks various php.ini values to determine the maximum chunk
+	 * size a file should be split into for upload.
+	 *
+	 * The intention is to calculate a value which reflects whatever
+	 * the most restrictive limit is set to.  And to then set the chunk
+	 * size to half that value, to ensure any required transfer overhead
+	 * and POST data remains well within the limit.  Or, if all of the
+	 * limits are set to unlimited, the chunk size will also be unlimited.
+	 *
+	 * @return int
+	 *
+	 * @access public
+	 */
 	public function get_chunk_size()
 	{
-		$max = min(
+		$max = 0;
+
+		$limits = [
+			$this->php_ini->getBytes('memory_limit'),
 			$this->php_ini->getBytes('upload_max_filesize'),
 			$this->php_ini->getBytes('post_max_size'),
-			max(1, $this->php_ini->getBytes('memory_limit')),
-			$this->config['max_filesize']
-		);
+		];
+
+		foreach ($limits as $limit_type)
+		{
+			if ($limit_type > 0)
+			{
+				$max = ($max !== 0) ? min($limit_type, $max) : $limit_type;
+			}
+		}
 
-		// Use half of the maximum possible to leave plenty of room for other
-		// POST data.
 		return floor($max / 2);
 	}
 

phpBB/phpbb/search/fulltext_sphinx.php

@@ -335,6 +335,7 @@ class fulltext_sphinx
 				array('charset_table',				'U+FF10..U+FF19->0..9, 0..9, U+FF41..U+FF5A->a..z, U+FF21..U+FF3A->a..z, A..Z->a..z, a..z, U+0149, U+017F, U+0138, U+00DF, U+00FF, U+00C0..U+00D6->U+00E0..U+00F6, U+00E0..U+00F6, U+00D8..U+00DE->U+00F8..U+00FE, U+00F8..U+00FE, U+0100->U+0101, U+0101, U+0102->U+0103, U+0103, U+0104->U+0105, U+0105, U+0106->U+0107, U+0107, U+0108->U+0109, U+0109, U+010A->U+010B, U+010B, U+010C->U+010D, U+010D, U+010E->U+010F, U+010F, U+0110->U+0111, U+0111, U+0112->U+0113, U+0113, U+0114->U+0115, U+0115, U+0116->U+0117, U+0117, U+0118->U+0119, U+0119, U+011A->U+011B, U+011B, U+011C->U+011D, U+011D, U+011E->U+011F, U+011F, U+0130->U+0131, U+0131, U+0132->U+0133, U+0133, U+0134->U+0135, U+0135, U+0136->U+0137, U+0137, U+0139->U+013A, U+013A, U+013B->U+013C, U+013C, U+013D->U+013E, U+013E, U+013F->U+0140, U+0140, U+0141->U+0142, U+0142, U+0143->U+0144, U+0144, U+0145->U+0146, U+0146, U+0147->U+0148, U+0148, U+014A->U+014B, U+014B, U+014C->U+014D, U+014D, U+014E->U+014F, U+014F, U+0150->U+0151, U+0151, U+0152->U+0153, U+0153, U+0154->U+0155, U+0155, U+0156->U+0157, U+0157, U+0158->U+0159, U+0159, U+015A->U+015B, U+015B, U+015C->U+015D, U+015D, U+015E->U+015F, U+015F, U+0160->U+0161, U+0161, U+0162->U+0163, U+0163, U+0164->U+0165, U+0165, U+0166->U+0167, U+0167, U+0168->U+0169, U+0169, U+016A->U+016B, U+016B, U+016C->U+016D, U+016D, U+016E->U+016F, U+016F, U+0170->U+0171, U+0171, U+0172->U+0173, U+0173, U+0174->U+0175, U+0175, U+0176->U+0177, U+0177, U+0178->U+00FF, U+00FF, U+0179->U+017A, U+017A, U+017B->U+017C, U+017C, U+017D->U+017E, U+017E, U+0410..U+042F->U+0430..U+044F, U+0430..U+044F, U+4E00..U+9FFF'),
 				array('min_prefix_len',				'0'),
 				array('min_infix_len',				'0'),
+				array('html_strip',					'1'),
 			),
 			'index index_phpbb_' . $this->id . '_delta : index_phpbb_' . $this->id . '_main' => array(
 				array('path',						$this->config['fulltext_sphinx_data_path'] . 'index_phpbb_' . $this->id . '_delta'),
@@ -644,7 +645,7 @@ class fulltext_sphinx
 
 		$this->sphinx->SetFilter('deleted', array(0));
 
-		$this->sphinx->SetLimits((int) $start, (int) $per_page, SPHINX_MAX_MATCHES);
+		$this->sphinx->SetLimits((int) $start, (int) $per_page, max(SPHINX_MAX_MATCHES, (int) $start + $per_page));
 		$result = $this->sphinx->Query($search_query_prefix . $this->sphinx->EscapeString(str_replace('"', '"', $this->search_query)), $this->indexes);
 
 		// Could be connection to localhost:9312 failed (errno=111,
@@ -675,7 +676,7 @@ class fulltext_sphinx
 		{
 			$start = floor(($result_count - 1) / $per_page) * $per_page;
 
-			$this->sphinx->SetLimits((int) $start, (int) $per_page, SPHINX_MAX_MATCHES);
+			$this->sphinx->SetLimits((int) $start, (int) $per_page, max(SPHINX_MAX_MATCHES, (int) $start + $per_page));
 			$result = $this->sphinx->Query($search_query_prefix . $this->sphinx->EscapeString(str_replace('"', '"', $this->search_query)), $this->indexes);
 
 			// Could be connection to localhost:9312 failed (errno=111,

phpBB/phpbb/session.php

@@ -1077,7 +1077,7 @@ class session
 	*/
 	function set_cookie($name, $cookiedata, $cookietime, $httponly = true)
 	{
-		global $config;
+		global $config, $phpbb_dispatcher;
 
 		// If headers are already set, we just return
 		if (headers_sent())
@@ -1085,6 +1085,32 @@ class session
 			return;
 		}
 
+		$disable_cookie = false;
+		/**
+		* Event to modify or disable setting cookies
+		*
+		* @event core.set_cookie
+		* @var	bool		disable_cookie	Set to true to disable setting this cookie
+		* @var	string		name			Name of the cookie
+		* @var	string		cookiedata		The data to hold within the cookie
+		* @var	int			cookietime		The expiration time as UNIX timestamp
+		* @var	bool		httponly		Use HttpOnly?
+		* @since 3.2.9-RC1
+		*/
+		$vars = array(
+			'disable_cookie',
+			'name',
+			'cookiedata',
+			'cookietime',
+			'httponly',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.set_cookie', compact($vars)));
+
+		if ($disable_cookie)
+		{
+			return;
+		}
+
 		$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
 		$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
 		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];

phpBB/phpbb/textformatter/s9e/bbcode_merger.php

@@ -50,7 +50,7 @@ class bbcode_merger
 		$with    = $this->create_bbcode($with);
 
 		// Select the appropriate strategy for merging this BBCode
-		if ($this->is_content_bbcode($without, $with))
+		if (!$this->is_optional_bbcode($without, $with) && $this->is_content_bbcode($without, $with))
 		{
 			$merged = $this->merge_content_bbcode($without, $with);
 		}
@@ -107,12 +107,12 @@ class bbcode_merger
 	/**
 	* Test whether the two definitions form a "content"-style BBCode
 	*
-	* Such BBCodes include the [URL] BBCode, which uses its text content as
+	* Such BBCodes include the [url] BBCode, which uses its text content as
 	* attribute if none is provided
 	*
 	* @param  array $without BBCode definition without an attribute
 	* @param  array $with    BBCode definition with an attribute
-	* @return array          Merged definition
+	* @return bool
 	*/
 	protected function is_content_bbcode(array $without, array $with)
 	{
@@ -122,6 +122,22 @@ class bbcode_merger
 			&& preg_match('(>[^<]*?' . preg_quote($m[1]) . '[^>]*?<)s', $without['template']));
 	}
 
+	/**
+	* Test whether the two definitions form BBCode with an optional attribute
+	*
+	* @param  array $without BBCode definition without an attribute
+	* @param  array $with    BBCode definition with an attribute
+	* @return bool
+	*/
+	protected function is_optional_bbcode(array $without, array $with)
+	{
+		// Remove the default attribute from the definition
+		$with['usage'] = preg_replace('(=[^\\]]++)', '', $with['usage']);
+
+		// Test whether both definitions are the same, regardless of case
+		return strcasecmp($without['usage'], $with['usage']) === 0;
+	}
+
 	/**
 	* Merge the two BBCode definitions of a "content"-style BBCode
 	*
@@ -131,7 +147,7 @@ class bbcode_merger
 	*/
 	protected function merge_content_bbcode(array $without, array $with)
 	{
-		// Convert [X={X}] into [X={X;useContent}]
+		// Convert [x={X}] into [x={X;useContent}]
 		$usage = preg_replace('(\\})', ';useContent}', $with['usage'], 1);
 
 		// Use the template from the definition that uses an attribute
@@ -143,7 +159,7 @@ class bbcode_merger
 	/**
 	* Merge the two BBCode definitions of a BBCode with an optional argument
 	*
-	* Such BBCodes include the [QUOTE] BBCode, which takes an optional argument
+	* Such BBCodes include the [quote] BBCode, which takes an optional argument
 	* but otherwise does not behave differently
 	*
 	* @param  array $without BBCode definition without an attribute

phpBB/phpbb/textformatter/s9e/factory.php

@@ -89,6 +89,8 @@ class factory implements \phpbb\textformatter\cache_interface
 				author={TEXT1;optional}
 				post_id={UINT;optional}
 				post_url={URL;optional;postFilter=#false}
+				msg_id={UINT;optional}
+				msg_url={URL;optional;postFilter=#false}
 				profile_url={URL;optional;postFilter=#false}
 				time={UINT;optional}
 				url={URL;optional}
@@ -110,7 +112,7 @@ class factory implements \phpbb\textformatter\cache_interface
 		'i'     => '<span style="font-style: italic"><xsl:apply-templates/></span>',
 		'u'     => '<span style="text-decoration: underline"><xsl:apply-templates/></span>',
 		'img'   => '<img src="{IMAGEURL}" class="postimage" alt="{L_IMAGE}"/>',
-		'size'  => '<span style="font-size: {FONTSIZE}%; line-height: normal"><xsl:apply-templates/></span>',
+		'size'	=> '<span><xsl:attribute name="style"><xsl:text>font-size: </xsl:text><xsl:value-of select="substring(@size, 1, 4)"/><xsl:text>%; line-height: normal</xsl:text></xsl:attribute><xsl:apply-templates/></span>',
 		'color' => '<span style="color: {COLOR}"><xsl:apply-templates/></span>',
 		'email' => '<a>
 			<xsl:attribute name="href">

phpBB/phpbb/textformatter/s9e/link_helper.php

@@ -61,7 +61,7 @@ class link_helper
 		$text   = substr($parser->getText(), $start, $length);
 
 		// Create a tag that consumes the link's text and make it depends on this tag
-		$link_text_tag = $parser->addSelfClosingTag('LINK_TEXT', $start, $length);
+		$link_text_tag = $parser->addSelfClosingTag('LINK_TEXT', $start, $length, 10);
 		$link_text_tag->setAttribute('text', $text);
 		$tag->cascadeInvalidationTo($link_text_tag);
 	}

phpBB/phpbb/textformatter/s9e/parser.php

@@ -15,6 +15,7 @@ namespace phpbb\textformatter\s9e;
 
 use s9e\TextFormatter\Parser\AttributeFilters\UrlFilter;
 use s9e\TextFormatter\Parser\Logger;
+use s9e\TextFormatter\Parser\Tag;
 
 /**
 * s9e\TextFormatter\Parser adapter
@@ -219,7 +220,7 @@ class parser implements \phpbb\textformatter\parser_interface
 			{
 				$errors[] = array($msg, $context['max_' . strtolower($m[1])]);
 			}
-			else if ($msg === 'Tag is disabled')
+			else if ($msg === 'Tag is disabled' && $this->is_a_bbcode($context['tag']))
 			{
 				$name = strtolower($context['tag']->getName());
 				$errors[] = array('UNAUTHORISED_BBCODE', '[' . $name . ']');
@@ -342,7 +343,7 @@ class parser implements \phpbb\textformatter\parser_interface
 			return false;
 		}
 
-		if ($size < 1)
+		if ($size < 1 || !is_numeric($size))
 		{
 			return false;
 		}
@@ -396,4 +397,21 @@ class parser implements \phpbb\textformatter\parser_interface
 
 		return $url;
 	}
+
+	/**
+	* Test whether given tag consumes text that looks like BBCode-styled markup
+	*
+	* @param  Tag  $tag Original tag
+	* @return bool
+	*/
+	protected function is_a_bbcode(Tag $tag)
+	{
+		if ($tag->getLen() < 3)
+		{
+			return false;
+		}
+		$markup = substr($this->parser->getText(), $tag->getPos(), $tag->getLen());
+
+		return (bool) preg_match('(^\\[\\w++.*?\\]$)s', $markup);
+	}
 }

phpBB/phpbb/textformatter/s9e/quote_helper.php

@@ -20,6 +20,11 @@ class quote_helper
 	*/
 	protected $post_url;
 
+	/**
+	* @var string Base URL for a private message link, uses {MSG_ID} as placeholder
+	*/
+	protected $msg_url;
+
 	/**
 	* @var string Base URL for a profile link, uses {USER_ID} as placeholder
 	*/
@@ -40,6 +45,7 @@ class quote_helper
 	public function __construct(\phpbb\user $user, $root_path, $php_ext)
 	{
 		$this->post_url = append_sid($root_path . 'viewtopic.' . $php_ext, 'p={POST_ID}#p{POST_ID}', false);
+		$this->msg_url = append_sid($root_path . 'ucp.' . $php_ext, 'i=pm&mode=view&p={MSG_ID}', false);
 		$this->profile_url = append_sid($root_path . 'memberlist.' . $php_ext, 'mode=viewprofile&u={USER_ID}', false);
 		$this->user = $user;
 	}
@@ -52,26 +58,26 @@ class quote_helper
 	*/
 	public function inject_metadata($xml)
 	{
-		$post_url = $this->post_url;
-		$profile_url = $this->profile_url;
-		$user = $this->user;
-
 		return \s9e\TextFormatter\Utils::replaceAttributes(
 			$xml,
 			'QUOTE',
-			function ($attributes) use ($post_url, $profile_url, $user)
+			function ($attributes)
 			{
 				if (isset($attributes['post_id']))
 				{
-					$attributes['post_url'] = str_replace('{POST_ID}', $attributes['post_id'], $post_url);
+					$attributes['post_url'] = str_replace('{POST_ID}', $attributes['post_id'], $this->post_url);
+				}
+				if (isset($attributes['msg_id']))
+				{
+					$attributes['msg_url'] = str_replace('{MSG_ID}', $attributes['msg_id'], $this->msg_url);
 				}
 				if (isset($attributes['time']))
 				{
-					$attributes['date'] = $user->format_date($attributes['time']);
+					$attributes['date'] = $this->user->format_date($attributes['time']);
 				}
 				if (isset($attributes['user_id']))
 				{
-					$attributes['profile_url'] = str_replace('{USER_ID}', $attributes['user_id'], $profile_url);
+					$attributes['profile_url'] = str_replace('{USER_ID}', $attributes['user_id'], $this->profile_url);
 				}
 
 				return $attributes;

phpBB/phpbb/user.php

@@ -281,9 +281,43 @@ class user extends \phpbb\session
 			$db->sql_freeresult($result);
 		}
 
+		// Fallback to board's default style
 		if (!$this->style)
 		{
-			trigger_error('NO_STYLE_DATA', E_USER_ERROR);
+			// Verify default style exists in the database
+			$sql = 'SELECT style_id
+				FROM ' . STYLES_TABLE . '
+				WHERE style_id = ' . (int) $config['default_style'];
+			$result = $db->sql_query($sql);
+			$style_id = (int) $db->sql_fetchfield('style_id');
+			$db->sql_freeresult($result);
+
+			if ($style_id > 0)
+			{
+				$db->sql_transaction('begin');
+
+				// Update $user row
+				$sql = 'SELECT *
+					FROM ' . STYLES_TABLE . '
+					WHERE style_id = ' . (int) $config['default_style'];
+				$result = $db->sql_query($sql);
+				$this->style = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				// Update user style preference
+				$sql = 'UPDATE ' . USERS_TABLE . '
+					SET user_style = ' . (int) $style_id . '
+					WHERE user_id = ' . (int) $this->data['user_id'];
+				$db->sql_query($sql);
+
+				$db->sql_transaction('commit');
+			}
+		}
+
+		// This should never happen
+		if (!$this->style)
+		{
+			trigger_error($this->language->lang('NO_STYLE_DATA', $this->data['user_style'], $this->data['user_id']), E_USER_ERROR);
 		}
 
 		// Now parse the cfg file and cache it

phpBB/posting.php

@@ -256,12 +256,6 @@ if ($mode == 'popup')
 
 $user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);
 
-if ($config['enable_post_confirm'] && !$user->data['is_registered'])
-{
-	$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
-	$captcha->init(CONFIRM_POST);
-}
-
 // Use post_row values in favor of submitted ones...
 $forum_id	= (!empty($post_data['forum_id'])) ? (int) $post_data['forum_id'] : (int) $forum_id;
 $topic_id	= (!empty($post_data['topic_id'])) ? (int) $post_data['topic_id'] : (int) $topic_id;
@@ -427,6 +421,12 @@ if (!$is_authed || !empty($error))
 	login_box('', $message);
 }
 
+if ($config['enable_post_confirm'] && !$user->data['is_registered'])
+{
+	$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
+	$captcha->init(CONFIRM_POST);
+}
+
 // Is the user able to post within this forum?
 if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply')))
 {
@@ -974,7 +974,10 @@ if ($submit || $preview || $refresh)
 	}
 
 	// Parse Attachments - before checksum is calculated
-	$message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
+	if ($message_parser->check_attachment_form_token($language, $request, 'posting'))
+	{
+		$message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
+	}
 
 	/**
 	* This event allows you to modify message text before parsing
@@ -1178,12 +1181,27 @@ if ($submit || $preview || $refresh)
 		$error[] = $user->lang['EMPTY_SUBJECT'];
 	}
 
-	// Check for out-of-bounds characters that are currently
-	// not supported by utf8_bin in MySQL
-	if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches))
+	/**
+	 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+	 * Using their Numeric Character Reference's Hexadecimal notation.
+	 * Check the permissions for posting Emojis first.
+	 */
+	if ($auth->acl_get('u_emoji'))
 	{
-		$character_list = implode('<br />', $matches[0]);
-		$error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);
+		$post_data['post_subject'] = utf8_encode_ucr($post_data['post_subject']);
+	}
+	else
+	{
+		/**
+		 * Check for out-of-bounds characters that are currently
+		 * not supported by utf8_bin in MySQL
+		 */
+		if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches))
+		{
+			$character_list = implode('<br>', $matches[0]);
+
+			$error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);
+		}
 	}
 
 	$post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;

phpBB/search.php

@@ -1093,9 +1093,12 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 					'TOPIC_AUTHOR_COLOUR'		=> get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']),
 					'TOPIC_AUTHOR_FULL'			=> get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']),
 					'FIRST_POST_TIME'			=> $user->format_date($row['topic_time']),
+					'FIRST_POST_TIME_RFC3339'	=> gmdate(DATE_RFC3339, $row['topic_time']),
 					'LAST_POST_SUBJECT'			=> $row['topic_last_post_subject'],
 					'LAST_POST_TIME'			=> $user->format_date($row['topic_last_post_time']),
+					'LAST_POST_TIME_RFC3339'	=> gmdate(DATE_RFC3339, $row['topic_last_post_time']),
 					'LAST_VIEW_TIME'			=> $user->format_date($row['topic_last_view_time']),
+					'LAST_VIEW_TIME_RFC3339'	=> gmdate(DATE_RFC3339, $row['topic_last_view_time']),
 					'LAST_POST_AUTHOR'			=> get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']),
 					'LAST_POST_AUTHOR_COLOUR'	=> get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']),
 					'LAST_POST_AUTHOR_FULL'		=> get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']),

phpBB/styles/prosilver/style.cfg

@@ -21,8 +21,8 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Limited, 2007
-style_version = 3.2.8
-phpbb_version = 3.2.8
+style_version = 3.2.9
+phpbb_version = 3.2.9
 
 # Defining a different template bitfield
 # template_bitfield = //g=

phpBB/styles/prosilver/template/bbcode.html

@@ -37,6 +37,10 @@
 					<xsl:text> </xsl:text>
 					<a href="{@post_url}" data-post-id="{@post_id}" onclick="if(document.getElementById(hash.substr(1)))href=hash">&#8593;</a>
 				</xsl:if>
+				<xsl:if test="@msg_url">
+					<xsl:text> </xsl:text>
+					<a href="{@msg_url}" data-msg-id="{@msg_id}">&#8593;</a>
+				</xsl:if>
 				<xsl:if test="@date">
 					<div class="responsive-hide"><xsl:value-of select="@date"/></div>
 				</xsl:if>

phpBB/styles/prosilver/template/forumlist_body.html

@@ -101,7 +101,7 @@
 										<i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{L_VIEW_LATEST_POST}</span>
 									</a>
 								<!-- ENDIF -->
-								<br />{forumrow.LAST_POST_TIME}
+								<br /><time datetime="{forumrow.LAST_POST_TIME_RFC3339}">{forumrow.LAST_POST_TIME}</time>
 							<!-- ELSE -->
 							{% if forumrow.U_UNAPPROVED_TOPICS %}
 								{{ lang('TOPIC_UNAPPROVED_FORUM', forumrow.TOPICS) }}

phpBB/styles/prosilver/template/mcp_topic.html

@@ -118,7 +118,7 @@
 
 				<!-- EVENT mcp_topic_postrow_post_details_before -->
 				<p class="author">
-					<a href="#pr{postrow.POST_ID}" title="{postrow.MINI_POST}">
+					<a href="{postrow.U_MINI_POST}" title="{postrow.MINI_POST}">
 						<i class="icon fa-file fa-fw icon-lightgray icon-tiny" aria-hidden="true"></i><span class="sr-only">{postrow.MINI_POST}</span>
 					</a> {L_POSTED} {postrow.POST_DATE} {L_POST_BY_AUTHOR} {% EVENT mcp_topic_post_author_full_prepend %}<strong>{postrow.POST_AUTHOR_FULL}</strong>{% EVENT mcp_topic_post_author_full_append %}<!-- IF postrow.U_MCP_DETAILS --> [ <a href="{postrow.U_MCP_DETAILS}">{L_POST_DETAILS}</a> ]<!-- ENDIF -->
 				</p>

phpBB/styles/prosilver/template/memberlist_body.html

@@ -28,8 +28,13 @@
 		<p>
 			<!-- IF AVATAR_IMG -->{AVATAR_IMG}<!-- ENDIF -->
 			{% EVENT memberlist_body_group_rank_before %}
-			<!-- IF RANK_IMG -->{RANK_IMG}<!-- ENDIF -->
-			<!-- IF GROUP_RANK -->{GROUP_RANK}<!-- ENDIF -->
+			{% if RANK_IMG %}{{ RANK_IMG }}{% endif %}
+			{% if GROUP_RANK %}
+				{% if not RANK_IMG %}
+					{{ lang('GROUP_RANK') ~ lang('COLON') }}
+				{% endif %}
+				{{ GROUP_RANK }}
+			{% endif %}
 			{% EVENT memberlist_body_group_rank_after %}
 		</p>
 	<!-- ELSE -->
@@ -120,7 +125,13 @@
 	<tr class="<!-- IF memberrow.S_ROW_COUNT is even -->bg1<!-- ELSE -->bg2<!-- ENDIF --><!-- IF memberrow.S_INACTIVE --> inactive<!-- ENDIF -->">
 		<td><span class="rank-img"><!-- EVENT memberlist_body_rank_prepend --><!-- IF memberrow.RANK_IMG -->{memberrow.RANK_IMG}<!-- ELSE -->{memberrow.RANK_TITLE}<!-- ENDIF --><!-- EVENT memberlist_body_rank_append --></span><!-- IF S_IN_SEARCH_POPUP and not S_SELECT_SINGLE --><input type="checkbox" name="user" value="{memberrow.USERNAME}" /> <!-- ENDIF --><!-- EVENT memberlist_body_username_prepend -->{memberrow.USERNAME_FULL}<!-- IF memberrow.S_INACTIVE --> ({L_INACTIVE})<!-- ENDIF --><!-- EVENT memberlist_body_username_append --><!-- IF S_IN_SEARCH_POPUP --><br />[&nbsp;<a href="#" onclick="insert_single_user('#results', '{memberrow.A_USERNAME}'); return false;">{L_SELECT}</a>&nbsp;]<!-- ENDIF --></td>
 		<td class="posts"><!-- IF memberrow.POSTS and S_DISPLAY_SEARCH --><a href="{memberrow.U_SEARCH_USER}" title="{L_SEARCH_USER_POSTS}">{memberrow.POSTS}</a><!-- ELSE -->{memberrow.POSTS}<!-- ENDIF --></td>
-		<td class="info"><!-- BEGIN custom_fields --><div>{memberrow.custom_fields.PROFILE_FIELD_VALUE}</div><!-- BEGINELSE -->&nbsp;<!-- END custom_fields --></td>
+		<td class="info">
+			{%- for field in memberrow.custom_fields -%}
+				<div>{% if field.S_PROFILE_CONTACT %}<a href="{{ field.PROFILE_FIELD_CONTACT }}">{% endif %}{{ field.PROFILE_FIELD_VALUE }}{% if field.S_PROFILE_CONTACT %}</a>{% endif %}</div>
+			{%- else -%}
+				&nbsp;
+			{%- endfor -%}
+		</td>
 		<td>{memberrow.JOINED}</td>
 		<!-- IF S_VIEWONLINE --><td>{memberrow.LAST_ACTIVE}&nbsp;</td><!-- ENDIF -->
 		{% EVENT memberlist_body_memberrow_after %}

phpBB/styles/prosilver/template/navbar_header.html

@@ -160,7 +160,7 @@
 			</li>
 		<!-- ENDIF -->
 		<!-- EVENT navbar_header_user_profile_append -->
-	<!-- ELSE -->
+	<!-- ELSE IF not S_IS_BOT -->
 		<li class="rightside"  data-skip-responsive="true">
 			<a href="{U_LOGIN_LOGOUT}" title="{L_LOGIN_LOGOUT}" accesskey="x" role="menuitem">
 				<i class="icon fa-power-off fa-fw" aria-hidden="true"></i><span>{L_LOGIN_LOGOUT}</span>
@@ -183,14 +183,14 @@
 		<!-- EVENT overall_header_breadcrumbs_before -->
 		<li class="breadcrumbs" itemscope itemtype="http://schema.org/BreadcrumbList">
 			<!-- IF U_SITE_HOME -->
-				<span class="crumb" {$MICRODATA}><a href="{U_SITE_HOME}" itemtype="https://schema.org/Thing" itemprop="item" data-navbar-reference="home"><i class="icon fa-home fa-fw" aria-hidden="true"></i><span itemprop="name">{L_SITE_HOME}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span>
+				<span class="crumb" {$MICRODATA}><a href="{U_SITE_HOME}" itemtype="https://schema.org/Thing" itemscope itemprop="item" data-navbar-reference="home"><i class="icon fa-home fa-fw" aria-hidden="true"></i><span itemprop="name">{L_SITE_HOME}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span>
 			<!-- ENDIF -->
 			<!-- EVENT overall_header_breadcrumb_prepend -->
-				<span class="crumb" {$MICRODATA}><a href="{U_INDEX}" itemtype="https://schema.org/Thing" itemprop="item" accesskey="h" data-navbar-reference="index"><!-- IF not U_SITE_HOME --><i class="icon fa-home fa-fw"></i><!-- ENDIF --><span itemprop="name">{L_INDEX}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span>
+				<span class="crumb" {$MICRODATA}><a href="{U_INDEX}" itemtype="https://schema.org/Thing" itemscope itemprop="item" accesskey="h" data-navbar-reference="index"><!-- IF not U_SITE_HOME --><i class="icon fa-home fa-fw"></i><!-- ENDIF --><span itemprop="name">{L_INDEX}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span>
 
 			<!-- BEGIN navlinks -->
 				<!-- EVENT overall_header_navlink_prepend -->
-				<span class="crumb" {$MICRODATA}<!-- IF navlinks.MICRODATA --> {navlinks.MICRODATA}<!-- ENDIF -->><a href="{navlinks.U_VIEW_FORUM}" itemtype="https://schema.org/Thing" itemprop="item"><span itemprop="name">{navlinks.FORUM_NAME}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span>
+				<span class="crumb" {$MICRODATA}<!-- IF navlinks.MICRODATA --> {navlinks.MICRODATA}<!-- ENDIF -->><a href="{navlinks.U_VIEW_FORUM}" itemtype="https://schema.org/Thing" itemscope itemprop="item"><span itemprop="name">{navlinks.FORUM_NAME}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span>
 				<!-- EVENT overall_header_navlink_append -->
 			<!-- END navlinks -->
 			<!-- EVENT overall_header_breadcrumb_append -->

phpBB/styles/prosilver/template/overall_footer.html

@@ -17,7 +17,7 @@
 		</p>
 		<!-- ENDIF -->
 		<!-- EVENT overall_footer_copyright_append -->
-		<p class="footer-row">
+		<p class="footer-row" role="menu">
 			<a class="footer-link" href="{{ U_PRIVACY }}" title="{{ lang('PRIVACY_LINK') }}" role="menuitem">
 				<span class="footer-link-text">{{ lang('PRIVACY_LINK') }}</span>
 			</a>

phpBB/styles/prosilver/template/plupload.html

@@ -45,7 +45,14 @@ phpbb.plupload = {
 		max_file_size: '{FILESIZE}b',
 		chunk_size: '{CHUNK_SIZE}b',
 		unique_names: true,
-		filters: [{FILTERS}],
+		filters: {
+			mime_types: [
+				{FILTERS}
+			],
+			mime_types_max_file_size: [
+				{FILTERS}
+			],
+		},
 		{S_RESIZE}
 		headers: {'X-PHPBB-USING-PLUPLOAD': '1', 'X-Requested-With': 'XMLHttpRequest'},
 		file_data_name: 'fileupload',
@@ -57,6 +64,7 @@ phpbb.plupload = {
 	lang: {
 		ERROR: '{LA_ERROR}',
 		TOO_MANY_ATTACHMENTS: '{LA_TOO_MANY_ATTACHMENTS}',
+		FORM_INVALID: '{LA_FORM_INVALID}',
 	},
 	order: '{ATTACH_ORDER}',
 	maxFiles: {MAX_ATTACHMENTS},

phpBB/styles/prosilver/template/posting_attach_body.html

@@ -38,7 +38,7 @@
 							<td class="attach-name">
 								<span class="file-name ellipsis-text"></span>
 								<span class="attach-controls">
-									<input type="button" value="{L_PLACE_INLINE}" class="button2 hidden file-inline-bbcode" />&nbsp;
+									{% if S_BBCODE_ALLOWED %}<input type="button" value="{{ lang('PLACE_INLINE') }}" class="button2 hidden file-inline-bbcode" />&nbsp;{% endif %}
 									<input type="button" value="{L_DELETE_FILE}" class="button2 file-delete" />
 								</span>
 								<span class="clear"></span>
@@ -64,7 +64,7 @@
 								<span class="file-name ellipsis-text"><a href="{attach_row.U_VIEW_ATTACHMENT}">{attach_row.FILENAME}</a></span>
 								{% EVENT posting_attach_body_attach_row_controls_prepend %}
 								<span class="attach-controls">
-									<!-- IF S_INLINE_ATTACHMENT_OPTIONS --><input type="button" value="{L_PLACE_INLINE}" class="button2 file-inline-bbcode" />&nbsp; <!-- ENDIF -->
+									{% if S_BBCODE_ALLOWED and S_INLINE_ATTACHMENT_OPTIONS %}<input type="button" value="{{ lang('PLACE_INLINE') }}" class="button2 file-inline-bbcode" />&nbsp;{% endif %}
 									<input type="submit" name="delete_file[{attach_row.ASSOC_INDEX}]" value="{L_DELETE_FILE}" class="button2 file-delete" />
 								</span>
 								{% EVENT posting_attach_body_attach_row_controls_append %}

phpBB/styles/prosilver/template/posting_buttons.html

@@ -10,27 +10,6 @@
 	var bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->);
 	var imageTag = false;
 
-	// Helpline messages
-	var help_line = {
-		b: '{LA_BBCODE_B_HELP}',
-		i: '{LA_BBCODE_I_HELP}',
-		u: '{LA_BBCODE_U_HELP}',
-		q: '{LA_BBCODE_Q_HELP}',
-		c: '{LA_BBCODE_C_HELP}',
-		l: '{LA_BBCODE_L_HELP}',
-		o: '{LA_BBCODE_O_HELP}',
-		p: '{LA_BBCODE_P_HELP}',
-		w: '{LA_BBCODE_W_HELP}',
-		a: '{LA_BBCODE_A_HELP}',
-		s: '{LA_BBCODE_S_HELP}',
-		f: '{LA_BBCODE_F_HELP}',
-		y: '{LA_BBCODE_Y_HELP}',
-		d: '{LA_BBCODE_D_HELP}'
-		<!-- BEGIN custom_tags -->
-			,cb_{custom_tags.BBCODE_ID}: '{custom_tags.A_BBCODE_HELPLINE}'
-		<!-- END custom_tags -->
-	}
-
 	function change_palette()
 	{
 		phpbb.toggleDisplay('colour_palette');
@@ -117,7 +96,7 @@
 	<!-- EVENT posting_editor_buttons_custom_tags_before -->
 
 	<!-- BEGIN custom_tags -->
-	<button type="button" class="button button-secondary bbcode-{custom_tags.BBCODE_TAG_CLEAN}" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}">
+	<button type="button" class="button button-secondary bbcode-{custom_tags.BBCODE_TAG_CLEAN}" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{{ custom_tags.BBCODE_HELPLINE|e('html_attr') }}">
 		{custom_tags.BBCODE_TAG}
 	</button>
 	<!-- END custom_tags -->

phpBB/styles/prosilver/template/posting_review.html

@@ -13,7 +13,7 @@
 <!-- ENDIF -->
 
 	<div class="postbody" id="ppr{post_review_row.POST_ID}">
-		<h3><a href="#ppr{post_review_row.POST_ID}">{post_review_row.POST_SUBJECT}</a></h3>
+		<h3><a href="{post_review_row.U_MINI_POST}">{post_review_row.POST_SUBJECT}</a></h3>
 		<p class="author">
 			<!-- IF S_IS_BOT -->
 				<span><i class="icon fa-file fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{post_review_row.MINI_POST}</span></span>

phpBB/styles/prosilver/template/posting_topic_review.html

@@ -24,7 +24,7 @@
 	<!-- ENDIF -->
 
 		<div class="postbody" id="pr{topic_review_row.POST_ID}">
-			<h3><a href="#pr{topic_review_row.POST_ID}">{topic_review_row.POST_SUBJECT}</a></h3>
+			<h3><a href="{topic_review_row.U_MINI_POST}">{topic_review_row.POST_SUBJECT}</a></h3>
 
 			<!-- IF (topic_review_row.POSTER_QUOTE and topic_review_row.DECODED_MESSAGE) or topic_review_row.U_MCP_DETAILS -->
 			<ul class="post-buttons">

phpBB/styles/prosilver/template/search_results.html

@@ -108,7 +108,7 @@
 
 							<!-- IF not S_IS_BOT -->
 								<div class="responsive-show" style="display: none;">
-									{L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT search_results_last_post_author_username_prepend -->{searchresults.LAST_POST_AUTHOR_FULL}<!-- EVENT search_results_last_post_author_username_append --> &laquo; <a href="{searchresults.U_LAST_POST}" title="{L_GOTO_LAST_POST}">{searchresults.LAST_POST_TIME}</a>
+									{L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT search_results_last_post_author_username_prepend -->{searchresults.LAST_POST_AUTHOR_FULL}<!-- EVENT search_results_last_post_author_username_append --> &laquo; <a href="{searchresults.U_LAST_POST}" title="{L_GOTO_LAST_POST}"><time datetime="{searchresults.LAST_POST_TIME_RFC3339}">{searchresults.LAST_POST_TIME}</time></a>
 									<br />{L_POSTED} {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a>
 								</div>
 							<!-- IF searchresults.TOPIC_REPLIES --><span class="responsive-show left-box" style="display: none;">{L_REPLIES}{L_COLON} <strong>{searchresults.TOPIC_REPLIES}</strong></span><!-- ENDIF -->
@@ -118,7 +118,7 @@
 								<!-- IF searchresults.S_HAS_POLL --><i class="icon fa-bar-chart fa-fw" aria-hidden="true"></i><!-- ENDIF -->
 								<!-- IF searchresults.ATTACH_ICON_IMG --><i class="icon fa-paperclip fa-fw" aria-hidden="true"></i><!-- ENDIF -->
 								{% EVENT topiclist_row_topic_by_author_before %}
-								{L_POST_BY_AUTHOR} <!-- EVENT search_results_topic_author_username_prepend -->{searchresults.TOPIC_AUTHOR_FULL}<!-- EVENT search_results_topic_author_username_append --> &raquo; {searchresults.FIRST_POST_TIME} &raquo; {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a>
+								{L_POST_BY_AUTHOR} <!-- EVENT search_results_topic_author_username_prepend -->{searchresults.TOPIC_AUTHOR_FULL}<!-- EVENT search_results_topic_author_username_append --> &raquo; <time datetime="{searchresults.FIRST_POST_TIME_RFC3339}">{searchresults.FIRST_POST_TIME}</time> &raquo; {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a>
 								{% EVENT topiclist_row_topic_by_author_after %}
 							</div>
 
@@ -150,7 +150,7 @@
 									<i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{VIEW_LATEST_POST}</span>
 								</a>
 							<!-- ENDIF -->
-							<br />{searchresults.LAST_POST_TIME}
+							<br /><time datetime="{searchresults.LAST_POST_TIME_RFC3339}">{searchresults.LAST_POST_TIME}</time>
 						</span>
 					</dd>
 				</dl>

phpBB/styles/prosilver/template/ucp_agreement.html

@@ -43,7 +43,8 @@
 		<div class="inner">
 		<fieldset class="submit-buttons">
 			<!-- IF S_SHOW_COPPA -->
-			<strong><a href="{U_COPPA_NO}" class="button1">{L_COPPA_NO}</a></strong>&nbsp; <a href="{U_COPPA_YES}" class="button2">{L_COPPA_YES}</a>
+			<input type="submit" name="coppa_no" id="coppa_no" value="{{ L_COPPA_NO }}" class="button1" />
+			<input type="submit" name="coppa_yes" id="coppa_yes" value="{{ L_COPPA_YES }}" class="button2" />
 			<!-- ELSE -->
 			<input type="submit" name="agreed" id="agreed" value="{L_AGREE}" class="button1" />&nbsp;
 			<input type="submit" name="not_agreed" value="{L_NOT_AGREE}" class="button2" />

phpBB/styles/prosilver/template/ucp_profile_profile_info.html

@@ -13,7 +13,7 @@
 	<!-- EVENT ucp_profile_profile_info_before -->
 	<!-- IF S_BIRTHDAYS_ENABLED -->
 		<dl>
-			<dt><label for="bday_day">{L_BIRTHDAY}{L_COLON}</label><br /><span>{L_BIRTHDAY_EXPLAIN}</span></dt>
+			<dt><label for="bday_day">{L_BIRTHDAY}{L_COLON}{% EVENT ucp_profile_profile_info_birthday_label_append %}</label><br /><span>{L_BIRTHDAY_EXPLAIN}</span></dt>
 			<dd>
 				<label for="bday_day">{L_DAY}{L_COLON} <select name="bday_day" id="bday_day">{S_BIRTHDAY_DAY_OPTIONS}</select></label>
 				<label for="bday_month">{L_MONTH}{L_COLON} <select name="bday_month" id="bday_month">{S_BIRTHDAY_MONTH_OPTIONS}</select></label>

phpBB/styles/prosilver/template/viewforum_body.html

@@ -187,7 +187,7 @@
 
 						<!-- IF not S_IS_BOT -->
 						<div class="responsive-show" style="display: none;">
-							{L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_last_post_author_username_prepend -->{topicrow.LAST_POST_AUTHOR_FULL}<!-- EVENT viewforum_body_last_post_author_username_append --> &laquo; <a href="{topicrow.U_LAST_POST}" title="{L_GOTO_LAST_POST}">{topicrow.LAST_POST_TIME}</a>
+							{L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_last_post_author_username_prepend -->{topicrow.LAST_POST_AUTHOR_FULL}<!-- EVENT viewforum_body_last_post_author_username_append --> &laquo; <a href="{topicrow.U_LAST_POST}" title="{L_GOTO_LAST_POST}"><time datetime="{topicrow.LAST_POST_TIME_RFC3339}">{topicrow.LAST_POST_TIME}</time></a>
 							<!-- IF topicrow.S_POST_GLOBAL and FORUM_ID != topicrow.FORUM_ID --><br />{L_POSTED} {L_IN} <a href="{topicrow.U_VIEW_FORUM}">{topicrow.FORUM_NAME}</a><!-- ENDIF -->
 						</div>
 							<!-- IF topicrow.REPLIES -->
@@ -199,7 +199,7 @@
 							<!-- IF topicrow.S_HAS_POLL --><i class="icon fa-bar-chart fa-fw" aria-hidden="true"></i><!-- ENDIF -->
 							<!-- IF topicrow.ATTACH_ICON_IMG --><i class="icon fa-paperclip fa-fw" aria-hidden="true"></i><!-- ENDIF -->
 							{% EVENT topiclist_row_topic_by_author_before %}
-							{L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_topic_author_username_prepend -->{topicrow.TOPIC_AUTHOR_FULL}<!-- EVENT viewforum_body_topic_author_username_append --> &raquo; {topicrow.FIRST_POST_TIME}
+							{L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_topic_author_username_prepend -->{topicrow.TOPIC_AUTHOR_FULL}<!-- EVENT viewforum_body_topic_author_username_append --> &raquo; <time datetime="{topicrow.FIRST_POST_TIME_RFC3339}">{topicrow.FIRST_POST_TIME}</time>
 							{% EVENT topiclist_row_topic_by_author_after %}
 							<!-- IF topicrow.S_POST_GLOBAL and FORUM_ID != topicrow.FORUM_ID --> &raquo; {L_IN} <a href="{topicrow.U_VIEW_FORUM}">{topicrow.FORUM_NAME}</a><!-- ENDIF -->
 						</div>
@@ -232,7 +232,7 @@
 								<i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{VIEW_LATEST_POST}</span>
 							</a>
 						<!-- ENDIF -->
-						<br />{topicrow.LAST_POST_TIME}
+						<br /><time datetime="{topicrow.LAST_POST_TIME_RFC3339}">{topicrow.LAST_POST_TIME}</time>
 					</span>
 				</dd>
 			</dl>

phpBB/styles/prosilver/template/viewtopic_body.html

@@ -224,7 +224,7 @@
 			<div id="post_content{postrow.POST_ID}"<!-- IF postrow.S_POST_HIDDEN --> style="display: none;"<!-- ENDIF -->>
 
 			<!-- EVENT viewtopic_body_post_subject_before -->
-			<h3 <!-- IF postrow.S_FIRST_ROW -->class="first"<!-- ENDIF -->><!-- IF postrow.POST_ICON_IMG --><img src="{T_ICONS_PATH}{postrow.POST_ICON_IMG}" width="{postrow.POST_ICON_IMG_WIDTH}" height="{postrow.POST_ICON_IMG_HEIGHT}" alt="{postrow.POST_ICON_IMG_ALT}" title="{postrow.POST_ICON_IMG_ALT}" /> <!-- ENDIF --><a href="#p{postrow.POST_ID}">{postrow.POST_SUBJECT}</a></h3>
+			<h3 <!-- IF postrow.S_FIRST_ROW -->class="first"<!-- ENDIF -->><!-- IF postrow.POST_ICON_IMG --><img src="{T_ICONS_PATH}{postrow.POST_ICON_IMG}" width="{postrow.POST_ICON_IMG_WIDTH}" height="{postrow.POST_ICON_IMG_HEIGHT}" alt="{postrow.POST_ICON_IMG_ALT}" title="{postrow.POST_ICON_IMG_ALT}" /> <!-- ENDIF --><a href="{postrow.U_MINI_POST}">{postrow.POST_SUBJECT}</a></h3>
 
 		<!-- DEFINE $SHOW_POST_BUTTONS = (postrow.U_EDIT or postrow.U_DELETE or postrow.U_REPORT or postrow.U_WARN or postrow.U_INFO or postrow.U_QUOTE) -->
 		<!-- EVENT viewtopic_body_post_buttons_list_before -->
@@ -289,7 +289,7 @@
 						<i class="icon fa-file fa-fw <!-- IF postrow.S_UNREAD_POST -->icon-red<!-- ELSE -->icon-lightgray<!-- ENDIF --> icon-md" aria-hidden="true"></i><span class="sr-only">{postrow.MINI_POST}</span>
 					</a>
 				<!-- ENDIF -->
-				<span class="responsive-hide">{L_POST_BY_AUTHOR} <strong>{postrow.POST_AUTHOR_FULL}</strong> &raquo; </span>{postrow.POST_DATE}
+				<span class="responsive-hide">{L_POST_BY_AUTHOR} <strong>{postrow.POST_AUTHOR_FULL}</strong> &raquo; </span><time datetime="{postrow.POST_DATE_RFC3339}">{postrow.POST_DATE}</time>
 			</p>
 			<!-- EVENT viewtopic_body_postrow_post_details_after -->
 

phpBB/viewforum.php

@@ -222,7 +222,7 @@ if ($mark_read == 'topics')
 		$data = array(
 			'NO_UNREAD_POSTS'	=> $user->lang['NO_UNREAD_POSTS'],
 			'UNREAD_POSTS'		=> $user->lang['UNREAD_POSTS'],
-			'U_MARK_TOPICS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . "&f=$forum_id&mark=topics&mark_time=" . time()) : '',
+			'U_MARK_TOPICS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . "&f=$forum_id&mark=topics&mark_time=" . time(), false) : '',
 			'MESSAGE_TITLE'		=> $user->lang['INFORMATION'],
 			'MESSAGE_TEXT'		=> $user->lang['TOPICS_MARKED']
 		);
@@ -933,9 +933,12 @@ if (count($topic_list))
 			'TOPIC_AUTHOR_COLOUR'		=> get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']),
 			'TOPIC_AUTHOR_FULL'			=> get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']),
 			'FIRST_POST_TIME'			=> $user->format_date($row['topic_time']),
+			'FIRST_POST_TIME_RFC3339'	=> gmdate(DATE_RFC3339, $row['topic_time']),
 			'LAST_POST_SUBJECT'			=> censor_text($row['topic_last_post_subject']),
 			'LAST_POST_TIME'			=> $user->format_date($row['topic_last_post_time']),
+			'LAST_POST_TIME_RFC3339'	=> gmdate(DATE_RFC3339, $row['topic_last_post_time']),
 			'LAST_VIEW_TIME'			=> $user->format_date($row['topic_last_view_time']),
+			'LAST_VIEW_TIME_RFC3339'	=> gmdate(DATE_RFC3339, $row['topic_last_view_time']),
 			'LAST_POST_AUTHOR'			=> get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']),
 			'LAST_POST_AUTHOR_COLOUR'	=> get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']),
 			'LAST_POST_AUTHOR_FULL'		=> get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']),